Microsoft has released Security Updates (SUs) for vulnerabilities found in:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

The updates address the following vulnerabilities:

Official announcement can be found here.

SUs are available for the following specific versions of Exchange Server:

  • Exchange Server 2013 CU23 
  • Exchange Server 2016 CU23
  • Exchange Server 2019 CU11 and CU12 

The January 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment.

These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating Exchange servers in their environment.

Update installation

The following update paths are available:

Known issues with this release:

  • If Exchange Server 2016 is installed on Windows Server 2012 R2, after installation of the January 2023 SU, the AD Topology service might not start automatically, causing services that depend on it to not start automatically either. To work around this problem, start Exchange services manually. We are investigating this further.
  • Once the update is installed on an Exchange Server 2016 or 2019, web page previews for URLs shared in OWA will not be rendered properly. We will resolve this in a future update.

Reach out to Messageware to improve Microsoft Exchange Server Security

If you are not protecting all the protocols used by your Exchange Server, you’re putting your company at a higher risk of a data breach.

Security incidents happen frequently. They cause disruption, loss of data and potentially risk the reputation of your company. However, if you implement these steps, you’re doing more than most other companies.

Have you heard about Messageware’s EPG that offers advanced Exchange Server security to protect organizations from a variety of logon and password attacks, as well as extensive real-time reporting and alerts of suspicious logon activity? Click here to learn more.