CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Microsoft Exchange 2016 and 2019 reach end of support on October 14, 2025

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft Exchange Server 2016 and 2019 will reach the end of extended support on October 14, 2025. After this date, Microsoft will no longer provide technical support, bug fixes, time zone updates, or security patches for these versions. Administrators are urged to migrate to Exchange Online or upgrade to Exchange Server Subscription Edition (SE) to maintain support and security. Exchange 2016 and 2019 will continue to operate after October 14, 2025, but running these versions will expose organizations to potential security risks.

Timeline

  1. 15.09.2025 20:04 1 articles · 14d ago

    Microsoft Exchange 2016 and 2019 reach end of support on October 14, 2025

    Microsoft has announced that Exchange Server 2016 and 2019 will reach the end of extended support on October 14, 2025. After this date, Microsoft will cease providing technical support, bug fixes, time zone updates, and security patches for these versions. Administrators are advised to migrate to Exchange Online or upgrade to Exchange Server Subscription Edition (SE) to maintain support and security.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Microsoft September 2025 Patch Tuesday addresses 81 vulnerabilities, including two zero-days

Microsoft's September 2025 Patch Tuesday addresses 80 vulnerabilities, including one publicly disclosed flaw and eight critical vulnerabilities. The updates fix a range of issues, including privilege escalation, remote code execution, information disclosure, and denial-of-service vulnerabilities. The patches also cover a critical flaw in Azure Networking and address a new lateral movement technique dubbed BitLockMove. Additionally, security updates have been released by multiple vendors, including Adobe, Cisco, Google, and others. The September 2025 update includes 38 elevation of privilege (EoP) vulnerabilities. The two zero-day vulnerabilities are CVE-2025-55234 in Windows SMB Server and CVE-2024-21907 in Microsoft SQL Server. The SMB vulnerability is exploited through relay attacks, while the SQL Server flaw involves improper handling of exceptional conditions in Newtonsoft.Json. The updates also include hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing to assess compatibility issues. The KB5065429 cumulative update for Windows 10 22H2 and 21H2 includes fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update enables auditing SMB client compatibility for SMB Server signing and SMB Server EPA, and includes an opt-in feature for administrators to allow outbound network traffic from Windows 10 devices. The September 2025 update includes 38 elevation of privilege (EoP) vulnerabilities. CVE-2025-55234 is an elevation of privilege vulnerability with a CVSS score of 8.8. CVE-2025-54918 in Windows NT LAN Manager (NTLM) is marked as critical and has a CVSS score of 8.8. CVE-2025-54111 and CVE-2025-54913 are EoP vulnerabilities in Windows UI XAML. CVE-2025-55232 in the Microsoft High Performance Compute (HPC) Pack has a CVSS score of 9.8. CVE-2025-54916 in Windows NTFS has a CVSS score of 7.8 and can be exploited through SMB or local parsing routines. Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. The update improves the servicing stack, updating Windows 10 22H2 systems to build 19045.6396. The update includes fixes and quality improvements from the KB5065429 cumulative update, enabling support for IT administrators to deploy hardening measures for SMB. The update addresses an issue causing non-admin users to receive unexpected User Account Control (UAC) prompts and fixes delays or uneven audio and video performance issues with Network Device Interface (NDI) streaming. Microsoft will stop providing security updates for Windows 10 after October 14, 2025, and the Extended Security Updates (ESU) program is available for Windows 10 users to delay the switch to Windows 11. Individual customers in the European Economic Area (EEA) can enroll in the ESU program for free.

Open in new tab