Exchange Server security updates (November 14, 2023)

Posted on 2023-11-15 by guenni

Exchange Logo[German]Microsoft has released security updates for Exchange Server 2016 and Exchange Server 2019 on November 14, 2023. These security updates close vulnerabilities in this software. The updates should be installed on the systems promptly to close the vulnerabilities in question.

Advertising

I came across the following tweet from the Exchange team on Twitter about the security updates for Exchange Server 2016 and Exchange Server 2019.

Exchange Nov. 2023 Updates

Microsoft has published the Techcommunity articl Released: November 2023 Exchange Server Security Updates with a description of the security updates. Security updates are available for the following Exchange Server CU versions.

SUs are available as self-extracting .exe packages and as original update packages (.msp files), and can be downloaded from the Microsoft Update Catalog.

Microsoft writes in the Techcommunity post that the security updates fix vulnerabilities reported to Microsoft by security partners and found by Microsoft's internal processes. These vulnerabilities affect Exchange Server. Exchange Online customers are already protected against the vulnerabilities.

Certificate signing of PowerShell serialization payloads

Microsoft notes that as of November 2023 SU, certificate signing of PowerShell serialization payloads will be enabled by default (as a reminder, this feature was released as an optional feature in January 2023). Once the November 2023 SU (or later) is installed on a server, certificate signing will be enabled automatically (for that specific server only). Further information can be found in the documentation of the feature.

Advertising

Before installing the security update, make sure that the Exchange-Auth certificate is valid. Microsoft already provides the MonitorExchangeAuthCertificate.ps1 script to perform a quick check.

Known issues

Certain cmdlets via the pipeline (e.g. Get-MailboxDatabase | Get-Mailbox) may only fail on computers with management tools. Further details and possible workarounds can be found in the documentation for the Serialized Data Signing feature. So far I have not encountered any (further) problems in connection with this update. Please refer to the FAQ in the linked Techcommunity article.

Similar articles:
Microsoft Security Update Summary (November 14, 2023)
Patchday: Windows 10-Updates (November 14, 2023)
Patchday: Windows 11/Server 2022-Updates (November 14, 2023)
Windows 7/Server 2008 R2; Server 2012 R2: Updates (November 14, 2023)
Microsoft Office Updates (November 14, 2023)

Exchange Server security updates (November 14, 2023)
Windows: cURL 8.4.0 Update kommt zum 14. November 2023-Patchday

Advertising
This entry was posted in Security, Software, Update and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).