[German]After the August 2023 security update for Exchange 2016 and 2019 caused massive installations issues for non-English installations, Microsoft had pulled finally all updates. In addition, Microsoft has made a change to the workaround proposed to overcome the install issues.; the newly created AD account may no longer be deleted. Another blog reader informed me about a bug that occurs after the update. Addendum: New versions of the updates has been re-released as of August 15, 2023.
August 2023 patch disaster in review
Microsoft has released security updates for on-premises Exchange Server 2016 and 2019 on August 8, 2023, to address several vulnerabilities. I had reported in the blog post Exchange Server Security Updates (August 8, 2023) and also provided guidance on the vulnerabilities. Shortly after the release of the August 2023 security updates, or almost simultaneously with the publication of my blog post, German administrators made the distressing discovery that the updates could not be installed on German-language Exchange Servers.
I had therefore warned in my German blog post Desaster Exchange August 2023-Sicherheitsupdate – nicht installieren! against installing these security updates. Later, Microsoft published a workaround that should allow installing an existing non-English update with manual intervention. The details can be found in my blog post Workaround for Exchange August 2023 security update install issue. At the same time, the German security updates for Exchange Server 2016/2019 were pulled. Administrators have been waiting since then for the release of a revised security update that can be installed and with which the Exchange Server still works.
Updates pulled; workaround changed
It appears that the patch disaster surrounding Exchange security updates is even bigger than feared. Stefan K. contacted me by mail a few hours ago, and shared his latest observations (thanks for that). I'll pass on his information:
New info about Exchange Update / Workaround changed
I wanted to patch our Exchange Server 2016 CU23 to the SU9 via workaround tonight. Since the server is in the backend and not reachable from the internet, we were hoping for an updated patch until now.
Two things surprised me:
1. Apparently the download of the English patch has also disappeared from the internet. I can't find anything anymore that doesn't run into a 404 error.
I checked it as well while writing the blog post, the security updates are withdrawn. That does suggest a bigger problem with the August 2023 SU for Exchange 2016/2019. And Stefan mentions:
2. Furthermore, Microsoft has probably changed the instructions for the workaround. Under step 6 it now says:
Especially the last point, here called step 6, could be important for some administrators. Because in the old version Microsoft still instructed people to delete the new AD account after installing the security update.
New version of update re-released
Addendum: As of August 15, 2023, new versions (v1) of the updates has been re-released. The updates have been relinked in the Techcommunity post Re-release of August 2023 Exchange Server Security Update packages;
The new Techcommunity article documents which changes Microsoft has made. This is how the V2 update should be installed in any case. If there were problems with version 1, it must be uninstalled and the Exchange server restarted before the new patch in version 2 is installed.
Patch related issue
German Blog reader Andreas G. has reported another issue caused by the security update (v1) from August 8, 2023:
maybe this is relevant/interesting for you or your readers, but maybe the error occurs only with us….
Since we updated our on-prem Exchange 2019 (German) to CU13 SU2, the Exchange web interface has problems with usernames containing a space.
Saving changes like email forwarding is not possible anymore.
We currently work around this by removing the space in the web interface and adding it back under Active Directory Users and Computers.
Addendum 2: In this comment on the Techcommunity post, GGGreg complains that they can't renew the certificate after upgrading to the latest version. There are hints in the comments on how to solve this. Furthermore, one user in this comment complains that the old V1 update is still offered on WSUS and need to be declined. Anyone else who has noticed this?
Cookies helps to fund this blog: Cookie settings