Blocking ads removes funding from us!
Researching and writing articles takes a lot of time. Operating our infrastructure costs money.
All of this is funded with advertising revenue.
We don't like advertising either - that's why we avoid annoying banners and pop-ups.
Please give us a chance and deactivate your adblocker!
Alternatively, you can support us here voluntarily.

Follow us:

>> Test the latest technology and much more: apply to us! <

Microsoft Exchange Server: January 2023 security updates address five vulnerabilities

Microsoft Exchange Server
Image: Microsoft
(Post picture: © 2021 Microsoft)

It's the second Tuesday of the month again - Microsoft Patch Day, including for Microsoft Exchange Server. The server versions 2013, 2016 and 2019 will again receive their current security patches. This issue focuses on five vulnerabilities, none of which are critical according to Microsoft.

Every two months Microsoft releases new updates for their Exchange Server On-Premises. In most cases, these receive security updates for new CVEs. Regardless of this, the Microsoft Windows Server is updated every month on the second Tuesday of the month. Admins should therefore not only import the following Exchange updates, but also check their Windows server for updates in Windows Update.

Note at this point: The Exchange Server 2013 end of support seam. From April 11, 2023 there will be no support or updates for the Progive more. Exchange servers 2016 and 2019 have their (extended) end of support on October 14, 2025.

Exchange Server January Updates: The CVE Listing

With this security update, the developers stuff the following CVEs for all three server versions Exchange Server 2013, 2016 and 2019:

Even if, according to Microsoft, there are no indications that the vulnerabilities are being exploited on systems, the updates should be installed as soon as possible. As usual, this can change quickly with the release of security updates as attacks now become more interesting.

Security patches for Exchange 2013, 2016 and 2019: download links

Create backups (and test them first!), plan enough time and inform the users about the downtime - as usual, one should also not forget. We save you time and list the download links directly here:

  • Exchange Server 2013 CU23
  • Exchange Server 2016 CU23
  • Exchange Server 2019 CU11 and CU12

Frequently asked questions:

  • Previous security updates not installed? As always, these are cumulative, that is, building up and thus independent of each other. Simply import this update and all previous gaps are also filled. About them too Updates for the zero-day vulnerability from September 2022 ("ProxyNotShell").
  • Currently running CU version not included? In this case, the Exchange Server must first be updated to the latest CU version.
  • Check if everything worked? With the Health Checker Script Microsoft can check whether all updates have been imported successfully.

Security update may lead to OWA bug

Like the company in Exchange blog also lets you know there is a known issue with this month's security update. Namely, once the update is installed on an Exchange Server 2016 or 2019, web page previews for URLs pasted in OWA are not rendered correctly. This error should be fixed in the next update.

Recommendations for you

>> The best Amazon deals <

David Wurm

Do that TechnikNews-Ding together with a great team for several years. Works in the background on the server infrastructure and is also responsible for everything editorial. Is fascinated by current technology and likes to blog about everything digital. In his free time, he can often be found developing websites, taking photos or making radio.

David has already written 954 articles and left 381 comments.

Web | Facebook | Twitter | Insta | YouTube | PayPal coffee donation
notification settings
notifications about
Your name, which will be shown publicly.
We will not publish your email address.

Inline feedback
View all comments
Cookie Consent with Real Cookie Banner