UPDATE: Microsoft re-released the SU on August 15th, 2023. See more details here.
The August 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment.
Accounts getting locked out frequently in Active Directory? Messageware EPG Stops Attacks on Exchange Server that cause AD lockouts.
Click to learn more
Microsoft has released Security Updates (SUs) for vulnerabilities found in:
- Exchange Server 2019
- Exchange Server 2016
SUs are available for the following specific versions of Exchange Server:
More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).
Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 (KB5029388)
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE)
- CVE-2023-21709 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2023-38185 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-35368 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-38182 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-35388 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-38181 – Microsoft Exchange Server Spoofing Vulnerability
Issues that are fixed in this update
- DST settings are inaccurate after an OS update
- Microsoft Exchange replication service repeatedly stops responding
- Chinese coded characters aren’t supported in Exchange Admin Center
- External email address field doesn’t display the correct username
Features introduced in this update
Known issues in this update
- After this update is installed, webpage previews for URLs that are shared in Outlook on the web (OWA) are not rendered correctly. We will fix this issue in a future update.
You can get the standalone update package through the Microsoft Download Center.
- Microsoft Exchange Server 2019 Cumulative Update 13 SU2 – Download the package now
- Microsoft Exchange Server 2019 Cumulative Update 12 SU9 – Download the package now
- Microsoft Exchange Server 2016 Cumulative Update 23 SU9 – Download the package now
Update installation
The following update paths are available:
- Install the latest CU. Use the Exchange Update Wizard to choose your current CU and your target CU to get directions.
- Inventory your Exchange Servers to determine which updates are needed using the Exchange Server Health Checker script. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs, SUs, or manual actions).
- Re-run the Health Checker after you install an SU to see if any further actions are needed.
- If you encounter errors during or after installation of Exchange Server, run the SetupAssist script. If something does not work properly after updates, see Repair failed installations of Exchange Cumulative and Security updates.
Reach out to Messageware to improve Microsoft Exchange Server Security
If you are not protecting all the protocols used by your Exchange Server, you’re putting your company at a higher risk of a data breach.
Security incidents happen frequently. They cause disruption, loss of data and potentially risk the reputation of your company. However, if you implement these steps, you’re doing more than most other companies.
Have you heard about Messageware’s EPG that offers advanced Exchange Server security to protect organizations from a variety of logon and password attacks, as well as extensive real-time reporting and alerts of suspicious logon activity? Click here to learn more.