Microsoft has released its December 2025 Security Updates (SUs) to address vulnerabilities in Exchange Server Subscription Edition (SE), Exchange Server 2019, and Exchange Server 2016. While the security updates for Exchange SE are available for download from the Microsoft Download Center, customers using Exchange 2016 and 2019 who have enrolled in the Extended Security Update (ESU) Program will receive the corresponding security updates directly from Microsoft.
Although no active exploits have been reported, Microsoft strongly recommends installing these updates immediately to protect your environment. Exchange Online customers are already protected and do not need to take any action.
Still running on Exchange Server 2016 or 2019?
Organizations running on-premises Exchange 2016 or 2019 should take note: these versions are out of support, and security updates are only available through the ESU program. If not enrolled in ESU, receive critical patches will not be received, leaving the systems vulnerable to potential threats.
If organizations can not migrate to Office 365, then moving Exchange workloads to Exchange SE is the best way to ensure alignment with ongoing security and compliance standards. Exchange SE is Microsoft’s modern subscription-based platform that provides continuous updates without requiring ESU enrollment. Staying on unsupported versions like Exchange 2016 or 2019 poses significant business risks, including data breaches and regulatory penalties.
Conclusion:
Running Exchange 2016 or 2019 without ESU means operating in an unsupported and vulnerable state. Migrating to Exchange SE is not just an IT decision—it’s a strategic move to protect the organization’s data and reputation. Helient strongly recommends customers be aware of the various options available to run the Exchange on secured and supported versions. If you would like more information or assistance, please contact our industry-leading experts at service@helient.com.
1 minute read
