Exchange Server Security Updates (October 10, 2023)

Exchange Logo[German]Microsoft released security updates for Exchange Server 2016 and Exchange Server 2019 on October 10. These security updates close vulnerabilities in this software. The updates should be installed on the systems promptly to close the vulnerabilities in question.


I came across the following tweet from the Exchange team regarding the security updates for Exchange Server 2016 and Exchange Server 2019.

Exchange Oktober 2023 Updates

Microsoft has published the Techcommunity post Released: October 2023 Exchange Server Security Updates with a description of the security updates. Security updates are available for the following Exchange Server CU versions.

  • Exchange Server 2016 CU23
  • Exchange Server 2019 CU12 and CU13

SUs are available as self-extracting .exe packages and as original update packages (.msp files), and can be downloaded from the Microsoft Update Catalog.

Microsoft writes in the Techcommunity post that the security updates address vulnerabilities reported to Microsoft by security partners and found through Microsoft's internal processes.

During the release of the August 2023 SUs, Microsoft recommended using a manual or scripted fix and disabling the IIS token cache module to address CVE-2023-21709. With the October 2023 updates, the Windows team released the IIS fix for the root cause of this vulnerability in the form of the fix for CVE-2023-36434. Microsoft recommends installing the IIS fix and then re-enabling the token cache module on Exchange servers.


Pay attention to Microsoft's notes on the update installation, and what else needs to be considered. No issues are known with this update.

These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities covered in these SUs and do not need to take any action other than updating all Exchange servers in their environment.

See also Exchange Server Oct. 2023 updates fail with error 0x80070534

Similar articles:
Microsoft Security Update Summary (October 10, 2023)
Patchday: Windows 10 Updates (October 10, 2023)
Patchday: Windows 11/Server 2022 Updates (October 10, 2023)
Windows 7/Server 2008 R2; Server 2012 R2: Updates (October 10, 2023)
Microsoft Office Updates (October 10, 2023)

Exchange Server Security Updates (October 10, 2023)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software, Update and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *