Microsoft has released security updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
IMPORTANT: Starting with this release of Securit...
Updated May 27, 2022
Version 21.0
Blog Post
Hi The_Exchange_Team or Nino_Bilic
We are running a tiered environment where exchange is part of T1.
We do not want to make exchange part of T0, where domain admin and enterprise admins resides.
The way we patch the environment is:
1. Patch the exchange server normally by using the CU update using our T1 admin account.
2. Download the entire ISO for Exchange Server 2016 CU22 from ms licensing portal, mount the ISO to a T0 machine and ran "“Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains" on the T0 machine using a T0 account + enterprise admin + domain admins
3. When I ran the health checker on exchange on T1 it still says: "Security Vulnerability: CVE-2022-21978 Install the May 2022 SU and run /PrepareDomain or /PrepareAllDomains - See: https://aka.ms/HC-May22SU"
Is this because your script cannot using my T1 admin account does not have enough privilege to to make the proper detection? Or is this because I have not follow the right procedure?