Blog Post

Exchange Team Blog
6 MIN READ

Released: March 2023 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Mar 14, 2023
Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 SUs are available in a self-extracting auto-elev...
Updated May 08, 2023
Version 22.0
announcements
Exchange 2013
exchange 2016
exchange 2019
on premises
security
setup
LukasSMSFT's avatar
LukasSMSFT
Icon for Microsoft rankMicrosoft
Apr 12, 2023

NurminenS the script was updated multiple times and so, the latest version no longer uses the AzureAD module. Instead, it does Graph API calls to do the preparation work (e.g., generating new application passwords). This is where your call fails (we receive a HTTP 400 instead of HTTP 200). Do you run the script with a Global Administrator account or Application Administrator (https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/#prerequisites-to-run-the-script-for-exchange-online)?

 

If the issue still occurs (even after running the script with a GA), please open an issue on GitHub as this makes it easier for us to track and investigate. 

https://github.com/microsoft/CSS-Exchange/issues