neilhoward84
Q: Does this only apply to certificates that have Exchange services tied to them, or is it any certificate in the personal store?
A: If the certificate is returned via 'Get-ExchangeCertificate', it might cause the service to crash because we then generate the async notifications as described in KB5013118.
Q: Should this workaround be applied before or after the installation of March's update?
A: Please check the 'Cause' section. It shows a clear order of the steps:
- On the servers that are running Exchange Servers, set the registry value that's described in the "Workaround" section, Step 1.
- Do the "Workaround" Step 2.
- Install the March 2022 Exchange Server security update.
Q: Is this workaround just to get the service running again? Will the crashing symptoms continue following a reboot if expiring certs are still installed?
A: The workaround disables the functionality which generates async notifications, to prevent these notifications from being generated on different Exchange server builds (servers that have installed the SU and servers that have not). If you run a single Exchange Server version (for example, only Exchange 2019) within your environment without co-existence, you can safely remove the registry value after all servers are updated.