June 2023 Exchange Server Security Updates

Microsoft released several Security Updates (SUs) for Microsoft Exchange Server to address vulnerabilities. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect the environment.

Note: These vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.

Exchange Server Security Updates

Microsoft has released Security Updates for vulnerabilities found in:

  • Exchange Server 2016
  • Exchange Server 2019

These Security Updates are available for the following specific versions of Exchange:

  • Exchange Server 2016 (CU23)
  • Exchange Server 2019 (CU12, CU13)

Read more on how to Install Exchange Security Update.

If you are not at these Exchange Server CU versions, please update right now and apply the above patch.

Read more on how to Install Exchange Cumulative Update.

Vulnerabilities addressed in the June 2023 Security Updates were responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.

Known issues in this release

  • There are no known issues with this release

Issues resolved

The following issues have been resolved in this update:

FAQs

How does this SU relate to Extended Protection feature?
If you already enabled Extended Protection on your servers, install the SU as usual. If you did not enable Extended Protection yet, our recommendation is to enable it after installing January (or any later) SU. Running Health Checker script will always help you validate exactly what you might need to do after SU installation.

Is Windows Extended Protection a prerequisite that needs to be activated before or after applying the SU, or is that an optional but strongly recommended activity?
Extended Protection is not a prerequisite for this Security Update. You can install it without having to activate the Extended Protection feature. However, configuring Extended Protection is strongly recommended, which can help you protect your environments from authentication relay or “Man in the Middle” (MITM) attacks.

The last SU that we installed is (a few months old). Do we need to install all SUs in order, to install the latest one?
The Exchange Server Security Updates are cumulative. If you are running the CU that the SU can be installed on, you do not need to install all the SUs in sequential order but can install the latest SU only.

My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the June 2023 Security Update needs to be installed on your on-premises Exchange Servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.

Do I need to install the updates on “Exchange Management Tools only” workstations?
Install Security Updates on all Exchange Servers as well as servers or workstations running Exchange Management Tools only, which will ensure that there is no incompatibility between management tools clients and servers.

Further information

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 8 Comments

  1. Thank you so much for your detailed explanations, Ali – they do really help!

    Regards,
    Michael

    Reply

  2. Hello, can i use for update SU, GUI with the CU.iso, one of the primary screen offer two choice :

    – connect to the internet and check for updates
    – Don’t check for update right now

    If i select : Connect to the internet and check the updates, this is a way ton install the last SU on my CU Exchange ?

    Thanks

    Reply

  4. Hello Ali,

    after applying june 2023 SU, HealthChecker is displaying an error :

    ‘Not on the latest SU. More Information: https://aka.ms/HC-ExBuilds

    I suppose HealthChecker script has not been updated…
    Perhaps MS is busy to fight against ‘Anonymous Sudan’

    Reply

    1. Hi Pascal,

      Which Exchange Health Checker version do you have? It should download the new version automatically.

      I ran the Exchange Health Checker v23.06.13.1730, and everything looks great. Ensure you have that version or higher (suppose Microsoft updates it in the meantime).

      Reply

      1. Hi Ali,
        It’s weird. Until now HealthChecker automaticaly update itself when I ran it.
        But the version displayed is 23.04.04.1055 that is far from 23.06.13.1730.
        I’ll download it manually…
        Thank you for your help, keep on teaching us 🙂
        Pascal.

        Reply

        1. Microsoft released some bad Exchange Health Checker versions in April 2023 that caused the automatic update to stop working.

          So that’s what happened in your case.

          Once you manually download the Health Checker script, it will auto-update when you run it from now on, just as you are used to.

          My pleasure, Pascal.

          Reply

Leave a Reply

Your email address will not be published. Required fields are marked *