Exchange Server Security Updates (March 14, 2023)

Microsoft has released the March 14, 2023 security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 (some as a re-release from Feb. 2023). These security updates close vulnerabilities in this software and should be installed on systems in a timely manner.


Microsoft has published the Techcommunity post "Released: March 2023 Exchange Server Security Updates" with a description of the security updates.

Security updates are available for the following Exchange Server CU versions.

  • Exchange Server 2013 CU23 SU21 (KB5024296, support ends April 2023)
  • Exchange Server 2016 CU23, SU 7 (KB5024296)
  • Exchange Server 2019 CU11 SU11 (KB5024296) and CU12, SU7 (KB5024296)

Microsoft writes in the Techcommunity post that the security updates fix vulnerabilities reported to Microsoft by security partners and found through Microsoft's internal processes. No details about the vulnerabilities were given – on the patch management list I read that CVE-2023-21707 was a re-release of the Feb. 2023 update. There is also a reference to the critical security update for Outlook (CVE-2023-23397):

There is a security update for Microsoft Outlook that is required to address CVE-2023-23397. To address this CVE, you must install the Outlook security update.

After installing the Outlook update, you can use a script we created to see if any of your users have been targeted using the Outlook vulnerability. The script will tell you if any users have been targeted by potentially malicious messages and allow you to modify or delete those messages if any are found. The script will take some time to run, so we recommend prioritizing user mailboxes that are of higher value to attackers (e.g., executives, senior leadership, admins, etc.).

Pay attention to Microsoft's notes about the update installation, the fixed bugs (e.g. of the Feb. 2023 update) and what else to pay attention to. Here is the list of fixed issues:


The Health Checker should be run after installation to see if further action is required.

These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities covered in these SUs and do not need to take any action other than updating all Exchange servers in their environment.

