Description of the security update for Microsoft Exchange Server 2016 and 2019: May 10, 2022 (KB5014261)

This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

• CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability

How to get and install the update

Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center.

• Microsoft Exchange Server 2019 Cumulative Update 12 - Download the package now
• Microsoft Exchange Server 2019 Cumulative Update 11 - Download the package now
• Microsoft Exchange Server 2016 Cumulative Update 23 - Download the package now
• Microsoft Exchange Server 2016 Cumulative Update 22 - Download the package now

More information

Security update deployment information

For deployment information about this update, see Security update deployment information: May 10, 2022 (KB5014317).

Security update replacement information

This security update replaces the following previously released updates:

• Description of the security update for Microsoft Exchange Server 2019 and 2016: March 8, 2022 (KB5012698)

File information

File hash information

Update name	File name	SHA256 hash
Microsoft Exchange Server 2016 Cumulative Update 22	Exchange2016-KB5014261-x64-en.exe	CB2CF74E136C351DEFBE3777A9CCB192686DD3F4FEE114A5DAC8DB8482442B83
Microsoft Exchange Server 2016 Cumulative Update 22	Exchange2016-KB5014261-x64-en.msp	2EB48F5F33C1229FF84BE2592230750FE82CF13D02545F9CBC787B1A6AD55272
Microsoft Exchange Server 2016 Cumulative Update 23	Exchange2016-KB5014261-x64-en.exe	D0AF2857EFAEE91074DD4DB8AA4805EDA816DECC6AB6C887CD33CAB1D1D7E312
Microsoft Exchange Server 2016 Cumulative Update 23	Exchange2016-KB5014261-x64-en.msp	00BCE24F162CB02F0C5017823164EDCBAD0D25B62C7AC790D2118F6FD7FDF247
Microsoft Exchange Server 2019 Cumulative Update 11	Exchange2019-KB5014261-x64-en.exe	C41F57A3CD5F74E756A4F223AD700AEAEFF4B12E946DC1E2DC8EBCE4466FF3C1
Microsoft Exchange Server 2019 Cumulative Update 11	Exchange2019-KB5014261-x64-en.msp	ACF637C8BB1C2456F215D1932689E5C7F9D7EB511C263ED0D667ACFBD5E341FB
Microsoft Exchange Server 2019 Cumulative Update 12	Exchange2019-KB5014261-x64-en.exe	DDD2A1B019ACDF4B26E216FE94362F102205C3B54BE03EEC6C17FEE4D68DB38F
Microsoft Exchange Server 2019 Cumulative Update 12	Exchange2019-KB5014261-x64-en.msp	B5C07F36771B0285A57B706306FCA6757AE0D9564533BF364BDB1A3F198D0819

Exchange server file information

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

__

Microsoft Exchange Server 2019 Cumulative Update 12

Download the CSV file now

__

Microsoft Exchange Server 2019 Cumulative Update 11

Download the CSV file now

__

Microsoft Exchange Server 2016 Cumulative Update 23

Download the CSV file now

__

Microsoft Exchange Server 2016 Cumulative Update 22

Download the CSV file now

Additional Action

/PrepareAllDomains is required

The following actions should be taken in addition to the application of May 2022 security updates:Latest version of Exchange Server installed in the organization	Additional steps needed
Exchange Server 2016 CU22 or CU23, or Exchange Server 2019 CU11 or CU12	Install the May 2022 SU first and then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin):“Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains”Or“Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains”
Exchange Server 2013 CU23	Install the May 2022 SU first and then run the following Command Prompt command once using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin):Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains
Any older version of Exchange Server not list	Update your Exchange server to the latest CU, install May 2022 SU and then follow the steps above.

**Note:**You need to run /PrepareAllDomains only once per organization and those changes will apply to all versions of Exchange Server within the organization. When you run /PrepareAllDomains, your account needs to be a member of the Enterprise Admins security group. This might be a different account from the one you use to install the SU.

Information about protection and security

Protect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security