{"id":28739,"date":"2023-02-15T01:17:49","date_gmt":"2023-02-15T00:17:49","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=28739"},"modified":"2023-02-17T07:09:43","modified_gmt":"2023-02-17T06:09:43","slug":"exchange-server-security-updates-february-14-2023","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/02\/15\/exchange-server-security-updates-february-14-2023\/","title":{"rendered":"Exchange Server Security Updates (February 14, 2023)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline; border-width: 0px;\" title=\"Exchange Logo\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2022\/06\/Exchange.jpg\" alt=\"Exchange Logo\" width=\"152\" height=\"133\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/02\/15\/exchange-server-sicherheitsupdates-14-februar-2023\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 as of February 14, 2023. These security updates close four vulnerabilities (rated as important) in this software. The updates are intended to be installed on systems in a timely manner to close the vulnerabilities in question.<br \/>\n<!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/vg05.met.vgwort.de\/na\/c8b9c1155111494d8dd5ad21d0175e86\" alt=\"\" width=\"1\" height=\"1\" \/>Microsoft has published the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-february-2023-exchange-server-security-updates\/ba-p\/3741058\" target=\"_blank\" rel=\"noopener\">Released: February 2023 Exchange Server Security Updates<\/a> with a description of the security updates.<\/p>\n<p><a title=\"https:\/\/i.imgur.com\/nf1FIno.png\" href=\"https:\/\/i.imgur.com\/nf1FIno.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/i.imgur.com\/nf1FIno.png\" \/><\/a><\/p>\n<p>Security updates are available for the following Exchange Server CU versions.<\/p>\n<ul>\n<li>Exchange Server 2013 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=105000\" target=\"_blank\" rel=\"noopener\">CU23<\/a>, SU20 (KB5023038, support ends in April 2023)<\/li>\n<li>Exchange Server 2016 <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?familyID=30d02c29-3f58-48b5-8dc6-6b54af690732\" target=\"_blank\" rel=\"noopener\">CU23<\/a>, SU 6 (KB5023038)<\/li>\n<li>Exchange Server 2019 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=104998\" target=\"_blank\" rel=\"noopener\">CU11<\/a> SU10 (KB5023038) and <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?familyID=68684ee7-ed06-4819-92d4-33b46eb56093\" target=\"_blank\" rel=\"noopener\">CU12<\/a>, SU6 (KB5023038)<\/li>\n<\/ul>\n<p>Microsoft writes in the Techcommunity post that the February 2023 security updates address vulnerabilities reported to Microsoft by security partners and found through Microsoft's internal processes. The following vulnerabilities have been closed.<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21707\" target=\"_blank\" rel=\"noopener\">CVE-2023-21707<\/a>: Microsoft Exchange Server Remote Code Execution Vulnerability<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21706\" target=\"_blank\" rel=\"noopener\">CVE-2023-21706<\/a>: Microsoft Exchange Server Remote Code Execution Vulnerability<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21710\" target=\"_blank\" rel=\"noopener\">CVE-2023-21710<\/a>: Microsoft Exchange Server Remote Code Execution Vulnerability<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21529\" target=\"_blank\" rel=\"noopener\">CVE-2023-21529<\/a>: Microsoft Exchange Server Remote Code Execution Vulnerability<\/li>\n<\/ul>\n<p>Microsoft writes that while there are no known active exploits in the wild, they recommend installing these updates immediately to protect Exchange installations.<\/p>\n<p>Pay attention to Microsoft's notes about the update installation, the fixed bugs and what else to pay attention to. The Health Checker should be run after installation to see if any further action is required.<\/p>\n<p>The patches cause a bug: Exchange Toolbox and Queue Viewer fail after certificate signing of the PowerShell serialization payload.<\/p>\n<p><strong>Addendum:<\/strong> Initially, the January 2023 update for Exchange Server 2016 CU 23 was delivered &#8211; but the bug has been fixed (see <a href=\"https:\/\/borncity.com\/win\/2023\/02\/16\/microsofts-february-2023-patchday-incorrect-updates-in-wsus-exchange-and-windows\/\" rel=\"bookmark\">Microsoft's February 2023 Patchday: Incorrect updates in WSUS, Exchange and Windows<\/a>). In addition, some installations experience EWS problems (see <a href=\"https:\/\/borncity.com\/win\/2023\/02\/17\/february-2023-patchday-ews-problems-after-exchange-server-security-update\/\" rel=\"bookmark\">February 2023 Patchday: EWS problems after Exchange Server security update<\/a>) &#8211; a workaround is known.<\/p>\n<blockquote><p>These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating all Exchange servers in their environment.<\/p><\/blockquote>\n<p><strong>Similar articles:<\/strong><br \/>\n<a href=\"https:\/\/www.borncity.com\/blog\/2022\/10\/12\/exchange-server-sicherheitsupdates-11-oktober-2022\/\">Exchange Server Sicherheitsupdates (11. Oktober 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/11\/09\/exchange-server-security-updates-november-8-2022\/\">Exchange Server security updates (November 8, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/01\/11\/exchange-server-security-updates-january-10-2023\/\">Exchange Server Security Updates (January 10, 2023)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><a href=\"https:\/\/www.borncity.com\/blog\/2022\/03\/11\/probleme-mit-exchange-mrz-2022-updates\/\"><br \/>\n<\/a><a href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><a href=\"https:\/\/www.borncity.com\/blog\/2022\/03\/11\/probleme-mit-exchange-mrz-2022-updates\/\"><br \/>\n<\/a><a href=\"https:\/\/borncity.com\/win\/2021\/09\/27\/exchange-server-september-2021-cu-kommt-zum-28-9-2021-mit-microsoft-exchange-emergency-mitigation-service\/\">Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service<\/a><a href=\"https:\/\/www.borncity.com\/blog\/2022\/03\/11\/probleme-mit-exchange-mrz-2022-updates\/\"><br \/>\n<\/a><a href=\"https:\/\/borncity.com\/win\/2021\/08\/29\/exchange-server-2016-2019-benutzerdefinierte-attribute-in-ecp-nach-cu-installation-juli-2021-nicht-mehr-aktualisierbar\/\">Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/01\/12\/microsoft-exchange-january-2023-patchday-issues\/\" target=\"_blank\" rel=\"noopener\">Microsoft Exchange January 2023 patchday issues<\/a><\/p>\n<p class=\"entry-title\"><a href=\"https:\/\/borncity.com\/win\/2023\/02\/15\/exchange-server-security-updates-february-14-2023\/\" rel=\"bookmark\">Exchange Server Security Updates (February 14, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/02\/16\/microsofts-february-2023-patchday-incorrect-updates-in-wsus-exchange-and-windows\/\" rel=\"bookmark\">Microsoft's February 2023 Patchday: Incorrect updates in WSUS, Exchange and Windows<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/02\/17\/february-2023-patchday-ews-problems-after-exchange-server-security-update\/\" rel=\"bookmark\">February 2023 Patchday: EWS problems after Exchange Server security update<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 as of February 14, 2023. These security updates close four vulnerabilities (rated as important) in this software. The updates are intended to be installed &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/02\/15\/exchange-server-security-updates-february-14-2023\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[869,2775,69,195],"class_list":["post-28739","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-exchange","tag-patchday-2-2023","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/28739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=28739"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/28739\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=28739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=28739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=28739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}