Blog Post

Exchange Team Blog
6 MIN READ

Released: March 2023 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Mar 14, 2023
Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 SUs are available in a self-extracting auto-elev...
Updated May 08, 2023
Version 22.0
announcements
Exchange 2013
exchange 2016
exchange 2019
on premises
security
setup
Nino_Bilic's avatar
Nino_Bilic
Icon for Microsoft rankMicrosoft
Mar 20, 2023

rsc Script batching is documented in the script FAQ: https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/FAQ/

CSHSYSADMIN I take it that by "this security update" you mean "Outlook security update"? In that case, please see this blog post as we say "To address this CVE, you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform)." Note that you could not be using Exchange at all (on-premises or online) and if not updated, your Outlook client could still be sending hashes to external locations. While this might not be impacting to you immediately (because your service might not be using this hash) - can we all agree that it is not a good thing to send hashes to bad actors? The fix for this then, is to install Outlook update. So the answer is yes - you should install Outlook / Office update.