Microsoft released Cumulative Update 13 for Microsoft Exchange Server 2019 on May 3rd, 2023. This cumulative update is a security update. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues, including updates in the March 2023 SU.


Microsoft has announced that they are bringing Modern Authentication to pure on-premises Exchange Server environments in stages, starting with Exchange Server 2019 in the first half of 2023. Modern Authentication is based on the OAuth 2.0 protocol and is considered to be more secure than Basic Authentication. With the release of the 2023 H1 CU and the required version of Outlook, Modern Authentication will be supported for authentication against Exchange 2019 using Active Directory Federation Services (ADFS) as the on-premises security token service (STS). This enables the use of stronger authentication features like MFA, smart cards, and certificate-based authentication, as well as third-party security identity providers. Support for other Outlook clients such as Mac OS, Android, and iOS is expected later this year.

Customers who have backend servers running Exchange Server 2016 CU23 are also supported for Modern Authentication if they have Exchange Server 2019 CU13 front-ending the client traffic in the environment and are using the correct version of Outlook. Microsoft has also provided the ability to enable and disable Modern Authentication at the user level to help customers gradually roll out this feature in a non-disruptive way.

For more information, see: Enabling Modern Auth in Exchange On-Premises.

A full list of fixes is contained in the KB article for the CU.

Get Cumulative Update 13 for Exchange Server 2019

Method 1: Volume Licensing Center

Note: The Cumulative Update 13 package can be used to run a new installation of Exchange Server 2019 or to upgrade an existing Exchange Server 2019 installation to Cumulative Update 13.

Method 2: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center.

Cumulative update information


This cumulative update requires Microsoft .NET Framework 4.8.

A component that’s used within Exchange Server requires a new Visual C++ component to be installed together with Exchange Server. This prerequisite can be downloaded at Visual C++ Redistributable Package for Visual Studio 2012.

For more information about the prerequisites to set up Exchange Server 2019, see Exchange 2019 prerequisites.

Out of support reminders

As a reminder, the following products/versions are now unsupported:

  • Exchange Server 2013 (any version) – Exchange 2013 reached end of life and went out of support on April 11, 2023. No further updates will be released for Exchange 2013. We also no longer perform any (possible) vulnerability testing on or security validation for Exchange 2013.
  • Exchange Server 2016 CU22 (and earlier) – CU23 is the only supported version of Exchange Server 2016. Any future SUs released for Exchange Server 2016 will be only for CU23.
  • Exchange Server 2019 CU11 (and earlier) – With the release of the 2023 H1 CU for Exchange Server 2019, Exchange Server 2019 CU11 is no longer supported. Any future SUs will be only for CU12 and CU13.

More information

For more information about the deployment of Exchange Server 2019, see Release notes for Exchange 2019.

For more information about the coexistence of Exchange Server 2019 and earlier versions of Exchange Server in the same environment, see Exchange 2019 system requirements.

For more information about other Exchange updates, see Exchange Server Updates: Build numbers and release dates.

A full list of CUs and SUs can be found on our Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates page.

Reach out to Messageware to improve Microsoft Exchange Server Security

If you are not protecting all the protocols used by your Exchange Server, you’re putting your company at a higher risk of a data breach.

Security incidents happen frequently. They cause disruption, loss of data and potentially risk the reputation of your company. However, if you implement these steps, you’re doing more than most other companies.

Have you heard about Messageware’s EPG that offers advanced Exchange Server security to protect organizations from a variety of logon and password attacks, as well as extensive real-time reporting and alerts of suspicious logon activity?