{"id":39659,"date":"2025-10-14T23:16:08","date_gmt":"2025-10-14T21:16:08","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=39659"},"modified":"2025-10-15T10:32:23","modified_gmt":"2025-10-15T08:32:23","slug":"exchange-server-security-updates-october-2025","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/10\/14\/exchange-server-security-updates-october-2025\/","title":{"rendered":"Exchange Server Security Updates October 2025"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"\" style=\"margin: 0px 10px 0px 0px; display: inline; float: left; border-width: 0px;\" title=\"Exchange Logo\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2022\/06\/Exchange.jpg\" alt=\"Exchange Logo\" width=\"173\" height=\"151\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2025\/10\/14\/exchange-server-sicherheitsupdates-oktober-2025\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft released the \"October 2025\" security update for Exchange Server on October 14, 2025. The security update applies to Exchange Server 2016, Exchange Server 2019, and, for the first time, Exchange Server Subscription Edition (SE). Exchange Online customers are already protected and are not affected by the update.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg06.met.vgwort.de\/na\/7430aa71d8124d4dbef7dfca524fcb5f\" alt=\"\" width=\"1\" height=\"1\" \/>I became aware of the release via a comment in the discussion forum (thanks to the reader for the tip) and a subsequent <a href=\"https:\/\/x.com\/schnoll\/status\/1978148783675310450\" target=\"_blank\" rel=\"noopener\">tweet<\/a>. Microsoft has published a Tech Community article <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/exchange\/released-october-2025-exchange-server-security-updates\/4461276\" target=\"_blank\" rel=\"noopener\">Released: October 2025 Exchange Server Security Updates<\/a> on this topic.<\/p>\n<p><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/exchange\/released-october-2025-exchange-server-security-updates\/4461276\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"Exchange Server SU August 2025\" src=\"https:\/\/i.postimg.cc\/3w2tBXQW\/image.png\" alt=\"Exchange Server SU Oktober 2025\" width=\"482\" height=\"518\" \/><\/a><\/p>\n<p>Security Updates (SUs) are available for the following specific versions of Exchange Server:<\/p>\n<ul>\n<li>Exchange SE <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?id=108422\" target=\"_blank\" rel=\"noopener noreferrer\">RTM<\/a><\/li>\n<li>Exchange Server 2019 <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?id=108421\" target=\"_blank\" rel=\"noopener noreferrer\">CU14<\/a> and\u00a0<a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?id=108419\" target=\"_blank\" rel=\"noopener noreferrer\">CU15<\/a><\/li>\n<li>Exchange Server 2016 <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?id=108420\" target=\"_blank\" rel=\"noopener noreferrer\">CU23<\/a><\/li>\n<\/ul>\n<p>The October 2025 SUs address security vulnerabilities reported to Microsoft by third parties and discovered through Microsoft's internal processes in Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE). According to <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Oct\" target=\"_blank\" rel=\"noopener\">this website<\/a>, the following vulnerabilities have been addressed:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-53782\" target=\"_blank\" rel=\"noopener\">CVE-2025-53782<\/a>: Server Elevation of Privilege Vulnerability; CVSS 3.1 Score 7.3<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-59248\" target=\"_blank\" rel=\"noopener\">CVE-2025-59248<\/a>: Spoofing Vulnerability; CVSS 3.1 Score 7.5<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-59249\" target=\"_blank\" rel=\"noopener\">CVE-2025-59249<\/a>: Server Elevation of Privilege Vulnerability; CVSS 3.1 Score 7.7<\/li>\n<\/ul>\n<p>Although Microsoft is not aware of any active exploits, Redmond recommends that customers install these updates immediately to protect their Exchange environment. Exchange Online customers are already protected against the vulnerabilities addressed in these SUs and do not need to take any further action other than updating the Exchange servers or Exchange Management Tools workstations in their environment.<\/p>\n<h2 id=\"community-4362055-toc-hId-2009968407\">Last patches for Exchange Server 2016\/2019<\/h2>\n<p>The SUs from October 2025 are the last publicly available SUs for Exchange Server 2016 and 2019. After this date, only customers who have contacted their Microsoft customer team to obtain the Extended Security Update (ESU) for these versions will receive new SUs, which we may release until April 2026 for Exchange 2016 and 2019. Microsoft recommends that users of these Exchange versions upgrade to Exchange SE.<\/p>\n<h2>Exporting authentication certificates no longer possible<\/h2>\n<p>Starting with the October 2025 SU, exporting the Exchange Server authentication certificate and its private key with <em>Export-ExchangeCertificate<\/em> will be blocked for security reasons (for more information, see <a href=\"https:\/\/support.microsoft.com\/help\/5069337\" target=\"_blank\" rel=\"noopener noreferrer\">KB5069337<\/a>).<\/p>\n<h2>Measures and further information<\/h2>\n<p>After installing the appropriate security update for Exchange Server, administrators should run Health Checker again to check whether further measures are necessary. If errors occur during or after the installation of Exchange Server, run the <a href=\"https:\/\/aka.ms\/ExSetupAssist\" target=\"_blank\" rel=\"noopener\">SetupAssist scrip<\/a>t. The TechCommunity article <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/exchange\/released-october-2025-exchange-server-security-updates\/4461276\" target=\"_blank\" rel=\"noopener\">Released: October 2025 Exchange Server Security Updates<\/a> also contains information on what to do if problems arise.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft released the \"October 2025\" security update for Exchange Server on October 14, 2025. The security update applies to Exchange Server 2016, Exchange Server 2019, and, for the first time, Exchange Server Subscription Edition (SE). Exchange Online customers are already &hellip; <a href=\"https:\/\/borncity.com\/win\/2025\/10\/14\/exchange-server-security-updates-october-2025\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[869,69,195],"class_list":["post-39659","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-exchange","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/39659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=39659"}],"version-history":[{"count":5,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/39659\/revisions"}],"predecessor-version":[{"id":39673,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/39659\/revisions\/39673"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=39659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=39659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=39659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}