How to patch Microsoft Exchange Server
Microsoft · 5 steps · updated June 2026
On-premises Exchange is one of the most-attacked products on the internet, so patching promptly matters. Exchange is updated with Cumulative Updates (CUs) plus Security Updates (SUs) — and SUs only install on a supported CU.
Microsoft Exchange Server has 20 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent.
Check your current version first
Before you patch, record what you're running (Exchange Management Shell):
Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion
Step by step
1. Use Get-ExchangeServer (or ExSetup.exe FileVersionInfo) to read the exact build. Compare it against the Exchange build-numbers page to see how far behind you are.
2. Security Updates only install on the latest CU (or sometimes N-1). If you are on an older CU, update the CU first, then apply the SU.
3. For DAG members, put the server into maintenance mode and back up / snapshot before you start.
4. This is the classic Exchange gotcha: launch the SU installer from an elevated command prompt (Run as administrator). Double-clicking it can leave OWA/ECP broken.
5. Reboot, take the server out of maintenance mode, and confirm the new build with Get-ExchangeServer.
- Run Security Updates elevated — installing without admin elevation is the #1 cause of post-patch Exchange breakage.
- This guide is for on-premises Exchange Server. Exchange Online is patched by Microsoft automatically.
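The steps above call for recording the build before patching, running the update from an elevated prompt, and confirming the new build afterwards. The script below is an added example (not part of the original guide and not Microsoft's own code) that performs those three checks; the script name Check-ExchangeBuild.ps1 and the default record path are assumptions.

```powershell
# Added example. Run in an elevated Exchange Management Shell on the server being patched.
#   .\Check-ExchangeBuild.ps1 -Phase Pre    (before installing the CU/SU)
#   .\Check-ExchangeBuild.ps1 -Phase Post   (after the reboot)
# The script name and the default $RecordPath are assumptions for this example.
param(
    [Parameter(Mandatory)][ValidateSet('Pre', 'Post')][string]$Phase,
    [string]$RecordPath = (Join-Path $env:TEMP 'exchange-build-before.json')
)

# The SU must be launched from an elevated prompt, so stop early if this shell is not elevated.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'This shell is not elevated. Reopen it with "Run as administrator".'
}

# Read the build two ways: what Exchange reports, and the ExSetup.exe file version on disk.
$server  = Get-ExchangeServer -Identity $env:COMPUTERNAME
$exSetup = (Get-Command ExSetup.exe -ErrorAction Stop).FileVersionInfo
$now = [pscustomobject]@{
    Name                = $server.Name
    Edition             = "$($server.Edition)"
    AdminDisplayVersion = "$($server.AdminDisplayVersion)"
    ExSetupFileVersion  = $exSetup.FileVersion
    RecordedAt          = (Get-Date).ToString('s')
}

if ($Phase -eq 'Pre') {
    # Keep the pre-patch record so the post-patch run has something to compare against.
    $now | ConvertTo-Json | Set-Content -Path $RecordPath -Encoding UTF8
    $now | Format-List
    return
}

# Post: the on-disk build must be strictly newer than the recorded one.
if (-not (Test-Path $RecordPath)) { throw "No pre-patch record at $RecordPath. Run -Phase Pre first." }
$before = Get-Content -Path $RecordPath -Raw | ConvertFrom-Json
$old = [version]$before.ExSetupFileVersion
$new = [version]$now.ExSetupFileVersion

[pscustomobject]@{
    Name    = $now.Name
    Before  = $old
    After   = $new
    Updated = ($new -gt $old)
} | Format-List

if ($new -le $old) {
    throw "Build did not change ($old). The update may not have applied."
}
```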
Official sources
- Advisory: Microsoft Security Update Guide
- Download: Exchange Server build numbers (Microsoft Learn)
Frequently asked questions
What is the latest version of Microsoft Exchange Server?
As of June 2026, the latest supported Microsoft Exchange Server release we track is 15.2.2562.43. Patch to the current release on your branch and confirm the version after updating.
How do I check which version of Microsoft Exchange Server I am running?
Use: Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion (Exchange Management Shell). Record the result before and after patching to confirm the update applied.
Is Microsoft Exchange Server being actively exploited right now?
Yes — 20 Microsoft Exchange Server vulnerabilities are on the CISA Known Exploited Vulnerabilities (KEV) list, so attackers are using them in the wild. Patch promptly.
How do I patch Microsoft Exchange Server safely without breaking production?
Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.
Patch steps are general, well-established guidance for Microsoft Exchange Server — always test in a non-production environment first and follow the official Microsoft advisory for your exact version. IsItPatched is independent and not affiliated with Microsoft; this is not a substitute for vendor documentation. See our disclaimer.