Blog Post

Exchange Team Blog
5 MIN READ

Released: August 2023 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Aug 08, 2023
Update 10/10/2023: Our recommendation to address CVE-2023-21709 is now changed; please see the changes below. Update 9/12/2023: As a part of the September 2023 "Patch Tuesday" we have released a fe...
Updated Oct 10, 2023
Version 18.0
announcements
exchange 2016
exchange 2019
on premises
security
Nino_Bilic's avatar
Nino_Bilic
Icon for Microsoft rankMicrosoft
Aug 10, 2023

ceantuco The "last updated" date on CSS-Exchange script documents is broken (we will figure out why). No, this was not disclosed nor addressed in January. It was disclosed / CVE was published on 8/8 and to address it, customers need to take action (either via our script or manual action as documented on the CVE document itself). It is a bit of unusual because generally speaking, to address an Exchange related CVE, you'd install an Exchange update, but in this case this CVE does not have a hard dependency on August SU as it is a change in IIS configuration. We recommend installing August SU first, but that is because we always recommend installing our SUs. The CVE can be addressed independently from application of the August SU, though.