Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability 

CVE-2022-24463 | Microsoft Exchange Server Spoofing Vulnerability 

Known issues in this update

  • Issue 1

    When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.

    When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) might stop working.

    This issue occurs on servers that are using User Account Control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

    Note: This issue does not occur if you install the update through Microsoft Update.

    To avoid this issue, follow these steps to manually install this security update:

    1. Select Start, and type cmd.

    2. In the results, right-click Command Prompt, and then select Run as administrator.

    3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.

    4. Type the full path of the .msp file, and then press Enter.

  • Issue 2

    Exchange services might remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition might occur if the service control scripts experience a problem when they try to return Exchange services to their usual state.

    To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.

  • Issue 3

    When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it. This issue occurs also in privacy window modes (such as InPrivate mode in Microsoft Edge). This issue occurs because browser restrictions prevent the response from being recorded. To record the response and enable the add-in, you must enable third-party cookies for the domain that's hosting OWA or Office Online Server in the browser settings. To enable this setting, refer to the specific support documentation for the browser.

  • Issue 4

    When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a "(400) Bad Request" error message. For more information and workarounds to this issue, see "(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology.

  • Issue 5

    5013118 Exchange Service Host service fails after installing March 2022 security update

How to get and install the update

Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center.

More information

Security update deployment information

For deployment information about this update, see March 8, 2022.

Security update replacement information

This security update replaces the following previously released updates:

File information

File hash information

Update name

File name

SHA256 hash

Exchange Server 2019 CU11 SU4

Exchange2019-KB5012698-x64-en.msp

187198029547F32A7BFA5FE0D5725B6C3DAD052389D244D0BEF21AB42991F49A

Exchange Server 2019 CU10 SU5

Exchange2019-KB5012698-x64-en.msp

C2BAF475C2C94C6995FDD58FC9A56601ADD3BEB5CD1FB2F6D8332BCF8BB2E13F  

Exchange Server 2016 CU22 SU4

Exchange2016-KB5012698-x64-en.msp

C2DB72AE95002F9949A74210D5803872F3873AD3F8FC725CD6597EE766D8F11F

Exchange Server 2016 CU21 SU5

Exchange2016-KB5012698-x64-en.msp

FF6E6E083B3713615C971A8E8DFF4F23CCED4E4B7BBA85A19924F08DE3E41F3A

Exchange Server file information

For a list of the files that are provided in this security update, download the file information for security update 5012698 for the appropriate product.

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×