Microsoft Exchange Server: Security update for February 2023 fixes annoying bug
Valentine's Day for lovers, Microsoft Patchday for admins. New updates are available for numerous Microsoft software, including the Exchange Server. Microsoft has again provided the entire range of servers in 2013, 2016 and 2019 with new security updates. Among other things, this also fixes an annoying bug that prevented some Exchange services from starting automatically.
On the second Tuesday of the month, Microsoft patches a total of four security gaps marked as "important" with the new update. All cases involve remote code execution. According to Microsoft, the vulnerabilities should not be actively exploited in the wild. Nevertheless, as always, a speedy installation is recommended, including eliminating an annoying bug. This has changed with the last Security update from January 2023 crept in. In some Windows Server 2012 R2 environments, the Exchange services no longer wanted to run after the system started.
Note at this point: The Exchange Server 2013 end of support seam. From April 11, 2023 there will be no support or updates for the Progive more. Exchange servers 2016 and 2019 have their (extended) end of support on October 14, 2025.
Exchange Server Security Updates for February 2013: Overview of CVEs & Downloads
For all versions except 2019, Microsoft only provides an update for the latest CU. These stuff the following CVEs:
As usual, we have collected the download links for all server versions. Admins can download the update for their respective system here:
Exchange Server Updates: Frequently Asked Questions
- Previous security updates not installed? As always, these are cumulative, that is, building up and thus independent of each other. Simply import this update and all previous gaps are also filled. About them too Updates for the zero-day vulnerability from September 2022 ("ProxyNotShell").
- Currently running CU version not included? In this case, the Exchange Server must first be updated to the latest CU version.
- Check if everything worked? With the Health Checker Script Microsoft can check whether all updates have been imported successfully.
Die-hard admins already know, but just as a reminder not to forget the updates for the Windows server itself. As of today's Patchday, these are available as usual in Windows Update. Backup, coffee, patience and announced downtime should also be part of the update process.