Exchange Server Security Updates (February 14, 2023)

Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 as of February 14, 2023. These security updates close four vulnerabilities (rated as important) in this software. The updates should be installed promptly to close the vulnerabilities in question.



Microsoft has published the Techcommunity post "Released: February 2023 Exchange Server Security Updates" with a description of the security updates.

Security updates are available for the following Exchange Server CU versions.

  • Exchange Server 2013 CU23 SU20 (KB5023038, support ends in April 2023)
  • Exchange Server 2016 CU23 SU6 (KB5023038)
  • Exchange Server 2019 CU11 SU10 (KB5023038) and CU12 SU6 (KB5023038)

Microsoft writes in the Techcommunity post that the February 2023 security updates address vulnerabilities reported to Microsoft by security partners and found through Microsoft's internal processes. The following vulnerabilities have been closed.

  • CVE-2023-21707: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-21706: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-21710: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-21529: Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft writes that while there are no known active exploits in the wild, they recommend installing these updates immediately to protect Exchange installations.

Review Microsoft's notes on installing the update, the bugs it fixes, and the other points to watch for. The Health Checker should be run after installation to see if any further action is required.



The patches cause a bug: Exchange Toolbox and Queue Viewer fail after certificate signing of the PowerShell serialization payload.

Addendum: Initially, the January 2023 update for Exchange Server 2016 CU 23 was delivered – but the bug has been fixed (see Microsoft's February 2023 Patchday: Incorrect updates in WSUS, Exchange and Windows). In addition, some installations experience EWS problems (see February 2023 Patchday: EWS problems after Exchange Server security update) – a workaround is known.

These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating all Exchange servers in their environment.

Similar articles:
Exchange Server security updates (October 11, 2022)
Exchange Server security updates (November 8, 2022)
Exchange Server Security Updates (January 10, 2023)

Exchange issues with ECP/OWA search after installing security update (March 2021)
Exchange 2016/2019: Outlook problems due to AMSI integration
Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service
Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)
Microsoft Exchange January 2023 patchday issues

Exchange Server Security Updates (February 14, 2023)
Microsoft's February 2023 Patchday: Incorrect updates in WSUS, Exchange and Windows
February 2023 Patchday: EWS problems after Exchange Server security update



4 Responses to Exchange Server Security Updates (February 14, 2023)

  1. snowwalker1988 says:

    Does anyone else have problems after installing the updates with Outlook Sync of mails on Macs?

  2. Ulrich Völker says:

    Not with Outlook for Mac, but with Outlook for Windows. I am currently troubleshooting why the Outlook client can no longer contact the database.

  3. Paul says:

    We haven't even gotten that far. We have a failed installation and about half of the Exchange services are in a stopped state. We cannot install or remove the update, and it's in a stuck state.

    Windows failed to install the following update with error 0x80070643: Security Update For Exchange Server 2016 CU23 (KB5023038)

    We are considering a VM restore at this point. We have never attempted this. It is just a transport server with no mailboxes so should be OK.

    Just wondering if anyone else ran into issues with the upgrade?

  4. Eric says:

    Paul – what course of action did you end up taking? We had the same: CU12 SU6. Failed install. Windows says the update isn't there and Exchange says it is, so we can't uninstall and can't reinstall either. Restore would be catastrophic for us at this point; too many days passed before we found others having the same issue. I have applied all the new-settingoverrides, etc. to get rid of half the issues, but the MAC issues are still there (and we have many MAC clients) and the search issue as well.

    Would be nice if MS would release a new patch and QUICKLY. Quit saying that the issue is fixed with a few PowerShell commands, because it does not fix it.
