Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fix the following vulnerabilities;
- CVE-2023-21529: Remote Code Execution Vulnerability
- CVE-2023-21706: Remote Code Execution Vulnerability
- CVE-2023-21707: Remote Code Execution Vulnerability
- CVE-2023-21710: Remote Code Execution Vulnerability
None of the vulnerabilities are currently publicly disclosed or exploited. However, the first 3 vulnerabilities are rated as “Exploitation More Likely” so make sure you update as soon as possible!
The updates also contain the following non-security issues;
- Export-UMPrompt fails with InvalidResponseException
- Edge Transport service returns an “EseNtOutOfSessions” Exception
- Exchange services in automatic startup mode do not start automatically
- Data source returns incorrect checkpoint depth
- Serialization fails while tried accessing Mailbox Searches in ECP
- Transport delivery service mishandles iCAL events
View: Exchange Blog: Released: February 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: February 14, 2023 (KB5023038)
Download: Security Update for Exchange 2019 CU11 and CU12
Download: Security Update for Exchange 2016 CU23
Download: Security Update for Exchange 2013 CU23 (support ends on April 11, 2023)
