Exchange 2019, 2016 and 2013 Security Updates for January 2023

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

The updates fix the following vulnerabilities;

None of the vulnerabilities are currently publicly disclosed or exploited. However, CVE-2023-21745 is rated as “Exploitation More Likely” so make sure you update as soon as possible!

From the above vulnerabilities, Exchange 2013 is only affected by CVE-2023-21762. Note however that Exchange 2013 will go out of support on April 11, 2023 so make sure you have your migration plan in order to remain supported.

This release introduces a new feature called; Certificate signing of PowerShell serialization payload in Exchange Server. In short, this helps defend Exchange servers against attacks on serialized data. This feature must be enabled manually but there is a script available for it as well.

The updates also contain the following non-security issues;

View: Exchange Blog: Released: Released: January 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019: January 10, 2023 (KB5022193)
View: Description of the security update for Microsoft Exchange Server 2016: January 10, 2023 (KB5022143)
View: Description of the security update for Microsoft Exchange Server 2013: January 10, 2023 (KB5022188)

Download: Security Update for Exchange 2019 CU11 and CU12
Download: Security Update for Exchange 2016 CU23
Download: Security Update for Exchange 2013 CU23