Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fix the following vulnerabilities;
- CVE-2023-21707: Remote Code Execution Vulnerability
The vulnerability isn’t currently publicly disclosed nor exploited. However, it is rated as “Exploitation More Likely” so make sure you update as soon as possible!
In addition, the Exchange Team highlights the fix for Outlook vulnerability CVE-2023-23397, and the availability of a script to analyze whether mailboxes have been targeted by potentially malicious messages.
The updates also contain the following non-security issues;
- You can’t access Toolbox on Exchange after enabling EnableSerializationDataSigning
- EEMS stops responding after TLS endpoint certificate update
- Get-App and GetAppManifests fail and return an exception
- EWS does not respond and returns an exception
- An exception is returned while opening a template in the Exchange Toolbox
View: Exchange Blog: Released: March 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296)
Download: Security Update for Exchange 2019 CU11 and CU12
Download: Security Update for Exchange 2016 CU23
Download: Security Update for Exchange 2013 CU23 (support ends on April 11, 2023)