Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
SUs are available in a self-extracting auto-elev...
Updated May 08, 2023
Version 22.0
Blog Post
Appreciate keeping us safe and releasing SUs. Bit late, but a small feedback on the documentation.
"More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family)."
This line adds bit of confusion, as we would expect a new CVE for Mar and generally that's where we would check. But post filters are put there are no CVEs listed for Mar on Exchange Servers. Strange, a bit of digging we can notice this update is a update to Feb SU, covering the same CVE CVE-2023-21707 released in Feb 2023. Just noticed comments earlier here, around similar topic.
The blog post could have been more clearer, atleast referenced the Exchange CVE its re-tackling.
Additional References that clarifies the linkage.
Exchange Server 2019 Exchange Server 2016 Exchange Server 2013
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):
Why are there new updates associated with this CVE?
We are re-releasing this CVE to inform customers that there are new updates to install for this vulnerability. A small subset of customers were experiencing problems with Exchange Web Services due to the updates that were released in February. The new updates address these problems. Customers who are experiencing issues with the February updates are encouraged to install the March Exchange Server updates listed in the Security Updates table.