Released: March 2023 Exchange Server Security Updates

JMV2100 and Googol As I just replied to a different poster here: Exchange and Outlook fixes are not related. Exchange fix is for Exchange things. Outlook fix is mentioned here because we know Exchange customers use Outlook and we wanted to call out the vulnerability and drive customers to update Outlook. Exchange fix does not fix Outlook CVE or the other way around.

We re-released February Exchange CVE in March to address various issues that were reported to us in February. Our recommendation is to always keep going forward. We update all of our documentation including Health Checker to specify that the March SU (right now) is where we want all of our customers to be. Therefore - go ahead and install March SU and you'll be fully up to date. Customers who use Microsoft / Windows Update to install Exchange SUs will be installing March SU as this is our latest SU for Exchange.

EDIT: Oh, one more thing on the subject. We at times release updates within security updates that were not publicly disclosed or reported by customers. In other words - do not make an assumption that unless there is a CVE, that there was nothing else fixed in the SU. I am not stating that this is the case this time, however, security updates are more than just a sum of CVEs. Therefore - please install our security updates as we release them. If we release them there is a reason for the release. 🙂