The June 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.
These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating Exchange servers in their environment.
More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).
The following update paths are available:
Install the latest CU. Use the Exchange Update Wizard to choose your current CU and your target CU to get directions.
Inventory your Exchange Servers to determine which updates are needed using the Exchange Server Health Checker script. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs, SUs, or manual actions).
Re-run the Health Checker after you install an SU to see if any further actions are needed.
Where are the SUs for Exchange Server 2013 and Exchange Server 2019 CU11? - Exchange Server 2013 is now out of support and will not receive any further security updates. We do not perform any vulnerability testing against this version of Exchange anymore. Exchange Server 2013 is likely vulnerable to any vulnerabilities disclosed after April 2023 and you should migrate to Exchange Server 2019 or Exchange Online as soon as possible and decommission Exchange Server 2013 from your environment. - Exchange Server 2019 CU11 is not a supported CU anymore (we only support last two CUs with our security updates for in-support products). Please update to CU12 or CU13 to install June 2023 SU.
Our organization is in Hybrid mode with Exchange Online. Do we need to do anything? Exchange Online is already protected, but this SU needs to be installed on your Exchange servers, even if they are used only for management purposes. If you change the auth certificate after installing the SU, you should re-run the Hybrid Configuration Wizard.
The last SU we installed is a few months old. Do we need to install all SUs in order, to install the latest one? SUs are cumulative. If you are running a CU supported by the SU, you do not need to install all SUs in sequential order; simply install the latest SU. Please see this blog post for more information.
Do we need to install SUs on all Exchange Servers within our organization? What about ‘Management Tools only’ machines? Our recommendation is to install Security Updates on all Exchange Servers and all servers and workstations running the Exchange Management Tools to ensure compatibility between management tools clients and servers.
This post might receive future updates; they will be listed here (if available).