{"id":30455,"date":"2023-06-14T00:39:38","date_gmt":"2023-06-13T22:39:38","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=30455"},"modified":"2023-06-15T08:10:21","modified_gmt":"2023-06-15T06:10:21","slug":"xchange-server-security-updates-june-13-2023","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/06\/14\/xchange-server-security-updates-june-13-2023\/","title":{"rendered":"Exchange Server Security Updates (June 13, 2023)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"margin: 0px 10px 0px 0px;\" title=\"Exchange Logo\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2022\/06\/Exchange.jpg\" alt=\"Exchange Logo\" width=\"152\" height=\"133\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/06\/14\/exchange-server-sicherheitsupdates-13-juni-2023\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has released the security updates for Exchange Server 2016 and Exchange Server 2019 as of June 13, 2023. These security updates close vulnerabilities in this software. The updates are intended to be installed on systems in a timely manner to address the vulnerabilities in question.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/e9e3dba9621544c49870cccc68d54e21\" alt=\"\" width=\"1\" height=\"1\" \/>I came across the following <a href=\"https:\/\/twitter.com\/schnoll\/status\/1668666333142339584\" target=\"_blank\" rel=\"noopener\">tweet<\/a> on Twitter from Scott Schnoll, senior product marketing manager for Exchange Online, Exchange Server, and Microsoft 365 Networking.<\/p>\n<p><a href=\"https:\/\/twitter.com\/schnoll\/status\/1668666333142339584\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Exchange Server security updates June 2023\" src=\"https:\/\/i.imgur.com\/qIhqxGY.png\" alt=\"Exchange Server security updates June 2023\" \/><\/a><\/p>\n<p>Microsoft has published the Techcommunity artice <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-june-2023-exchange-server-security-updates\/ba-p\/3845326\" target=\"_blank\" rel=\"noopener\">Released: June 2023 Exchange Server Security Updates<\/a> with a description of the security updates. Security updates are available for the following Exchange Server CU versions.<\/p>\n<ul>\n<li>Exchange Server 2016 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=105282\" target=\"_blank\" rel=\"noopener\">CU23<\/a> SU 8 (KB5025903)<\/li>\n<li>Exchange Server 2019 <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?familyID=a5bece57-d7f9-4c91-b737-8d5bf89e3f1e\" target=\"_blank\" rel=\"noopener\">CU12<\/a> SU8 (KB5026261) und <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?familyID=06b1401a-746b-4130-a0be-b597c4204995\" target=\"_blank\" rel=\"noopener\">CU13<\/a>, SU1 (KB5026261)<\/li>\n<\/ul>\n<p>SUs are <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/new-exchange-server-security-update-and-hotfix-packaging\/ba-p\/3301819\" target=\"_blank\" rel=\"noopener\">available<\/a> as self-extracting .exe packages as well as original update packages (.msp files), and can be downloaded from the <a href=\"https:\/\/www.catalog.update.microsoft.com\/Home.aspx\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a>.<\/p>\n<p>Microsoft writes in the Techcommunity post that the security updates address vulnerabilities reported to Microsoft by security partners and found through Microsoft's internal processes. No details about the vulnerabilities were provided. In the blog post Microsoft Security Update Summary (June 13, 2023) I had stated the following<\/p>\n<p>Im Beitrag <a href=\"https:\/\/borncity.com\/win\/2023\/06\/14\/microsoft-security-update-summary-june-13-2023\/\">Microsoft Security Update Summary (June 13, 2023)<\/a> hatte ich diesbez\u00fcglich folgendes angegeben.<\/p>\n<blockquote><p><u><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-28310\" target=\"_blank\" rel=\"noopener\">CVE-2023-28310<\/a><\/u>\u00a0und\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-32031\" target=\"_blank\" rel=\"noopener\">CVE-2023-3203<\/a>: Microsoft Exchange Server Remote Code Execution Vulnerability; CVEv3 Score 8.0 und 8.1 , important; CVE-2023-28310 kann von einem authentifizierten Angreifer im lokalen Netzwerk ausgenutzt werden, um \u00fcber eine Remote-PowerShell-Sitzung Befehle auf dem Ziel auszuf\u00fchren. CVE-2023-32031 erm\u00f6glicht es einem entfernten, authentifizierten Angreifer, \u00fcber Netzwerkaufrufe Serverkonten anzugreifen, um die Ausf\u00fchrung von beliebigem Code auszul\u00f6sen. Sowohl CVE-2023-32031 als auch CVE-2023-28310 wurden mit \"Exploitation More Likely\" eingestuft und betreffen Microsoft Exchange Server 2016 Cumulative Update 23 und 2019 Cumulative Updates 12 und 13.<\/p><\/blockquote>\n<p>Although Microsoft is not aware of any active exploits in the wild, it is recommended to install these updates immediately for protection.<\/p>\n<p>Note Microsoft's notes on update installation, and what else to check out. Here is the list of fixed issues:<\/p>\n<ul>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/-object-servername-couldn-t-be-found-on-domaincontrollername-error-when-trying-to-uninstall-exchange-server-2dcfb94a-7f58-4a5e-8b59-d0ae12c63e1a\" target=\"_blank\" rel=\"noopener\">\"Object '&lt;ServerName&gt;' couldn't be found on '&lt;DomainControllerName&gt;'\" error when trying to uninstall&#8230;<\/a><\/li>\n<li><a href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Security\/Extended-Protection\/#known-issues-and-workarounds\" target=\"_blank\" rel=\"noopener\">Changing the permissions for Public Folders by using an Outlook client will fail with the following &#8230;<\/a><\/li>\n<\/ul>\n<p>There are no known issues associated with the security updates. According to Microsoft, the Health Checker should be run after installation to see if any further action is required. Also note the support post <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/exchange-won-t-uninstall-after-the-january-security-update-kb5022143-is-applied-91fd3197-809c-490f-a474-209f989fec43\" target=\"_blank\" rel=\"noopener\">Exchange won't uninstall after the January Security Update (KB5022143) is applied<\/a>, which was freshly published because the June 2023 update fixes this issue.<\/p>\n<blockquote><p>These security vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating all Exchange servers in their environment.<\/p><\/blockquote>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2023\/06\/14\/microsoft-security-update-summary-june-13-2023\/\">Microsoft Security Update Summary (June 13, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/06\/14\/patchday-windows-10-updates-june-13-2023\/\">Patchday: Windows 10-Updates (June 13, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/06\/14\/patchday-windows-11-server-2022-updates-june-13-2023\/\">Patchday: Windows 11\/Server 2022-Updates (June 13, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/06\/14\/windows-7-server-2008-r2-server-2012-r2-updates-june-13-2023\/\" target=\"_blank\" rel=\"noopener\">Windows 7\/Server 2008 R2; Server 2012 R2: Updates (June 13, 2023)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2023\/06\/07\/microsoft-office-updates-june-6-2023\/\" rel=\"bookmark\">Microsoft Office Updates (June 6, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/06\/15\/microsoft-office-updates-13-juni-2023\/\">Microsoft Office Updates (June 13, 2023)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2023\/06\/14\/xchange-server-security-updates-june-13-2023\/\">Exchange Server Security Updates (June 13, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/05\/04\/exchange-server-2019-2023-h1-cumulative-update-released-may-3-2023\/\">Exchange Server 2019: 2023 H1 Cumulative Update released (May 3, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/03\/15\/exchange-server-security-updates-march-14-2023\/\">Exchange Server Security Updates (March 14, 2023)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2023\/02\/17\/february-2023-patchday-ews-problems-after-exchange-server-security-update\/\" rel=\"bookmark\">February 2023 Patchday: EWS problems after Exchange Server security update<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/01\/13\/microsoft-advises-end-of-support-for-exchange-server-2013-on-april-11-2023\/\">Microsoft advises end of support for Exchange Server 2013 on April 11, 2023<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/01\/26\/exchange-2019-does-the-january-2023-su-with-cu-12-trigger-the-index-problem-again\/\" rel=\"bookmark\">Exchange 2019: Does the January 2023 SU with CU 12 trigger the index problem again?<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/01\/12\/microsoft-exchange-january-2023-patchday-issues\/\" rel=\"bookmark\">Microsoft Exchange January 2023 patchday issues<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/02\/27\/exchange-server-microsoft-recommends-updating-antivirus-scan-exclusions-feb-2023\/\" rel=\"bookmark\">Exchange Server: Microsoft recommends updating antivirus scan exclusions (Feb. 2023)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has released the security updates for Exchange Server 2016 and Exchange Server 2019 as of June 13, 2023. These security updates close vulnerabilities in this software. The updates are intended to be installed on systems in a timely manner &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/06\/14\/xchange-server-security-updates-june-13-2023\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[869,69,195],"class_list":["post-30455","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-exchange","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/30455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=30455"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/30455\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=30455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=30455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=30455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}