Released: March 2023 Exchange Server Security Updates

Nino_Bilic Thank you very much again Nico for your clarification. I now completely understand, and it’s as I figured from reading the provided documentation. I just wanted some reassurance, so again I appreciate your time and comments. 

We have a small team and lots of work, we’re very active on patch Tuesdays. We rely on the Microsoft security guide and this blog to help us see all of the security issues affecting Microsoft products second “fun” Tuesday of every month.  This blog and the input of the Exchange team is essential to us being able to make informed decisions, and set priorities. Clear communications from Microsoft are of the utmost importance. Clear communications also result in less questions. 

An example of communications which leads to questions and confusion…

”More details about specific CVEs can be found in the https://msrc.microsoft.com/update-guide/ (filter on Exchange Server under Product Family).”

This is a fine statement to make. However, when the customer searches the guide and finds no entries for the March patch Tuesday, questions are going to come up. ‘Did Microsoft forget to update the guide for Exchange?? Are we now vulnerable to some really nasty CVEs we can’t see??’.  Then people panic and get upset because we’re all probably a little bit stressed with having to constantly be on alert, and at the ready to do battle with or recover from an attacker. 

So please continue the work and refine the blog, keep the communications coming as clearly as possible. I know I appreciate the work you all do, and understand it’s just as stressful for the Exchange team.