Security updates have been released for Exchange 2016 and Exchange 2019. There is no security update for Exchange 2013 as support ended on April 11, 2023.
The updates fix the following vulnerabilities;
- CVE-2023-28310: Remote Code Execution Vulnerability
- CVE-2023-32031: Remote Code Execution Vulnerability
Both vulnerabilities aren’t currently publicly disclosed nor exploited. However, they are rated as “Exploitation More Likely” so make sure you update as soon as possible!
The updates also contain the following non-security issues;
- Failure in Public Folder Quota email notifications (Exchange 2019 only
- Extended Protection doesn’t support Public Folder Client Permission Management through Outlook
- Microsoft Exchange Replication service crashes on host server
- Store Worker process crashes and returns “System.NullReferenceExceptions” multiple times per day
- Exchange won’t uninstall after the January Security Update (KB5022143) is applied
View: Exchange Blog: Released: June 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019: June 13, 2023 (KB5026261)
View: Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 (KB5025903)
Download: Security Update for Exchange 2019 CU12 and CU13
Download: Security Update for Exchange 2016 CU23.
