Exchange 2019 and 2016 Security Updates for October 2023

Security updates have been released for Exchange 2016 and Exchange 2019.

The updates fix the following vulnerabilities;

  • CVE-2023-36778: Microsoft Exchange Server Remote Code Execution Vulnerability

None of the vulnerabilities are currently publicly disclosed nor exploited. However, it is rated as “Exploitation More Likely”, so make sure you update as soon as possible!

The updates also contain the following new feature and non-security issues;

Additionally, there is an new update released by the Windows Team which contains a better solution to address CVE-2023-21709 from last August. This is better known as the IIS Token Cache issue where you had to apply the update and disable the Token Cache module. This has now been addressed via CVE-2023-36434. For more info, see the Exchange blog post referenced below.

View: Exchange Blog: Released: October 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 (KB5030877)

Download: Security Update V2 for Exchange 2019 CU12 and CU13
Download: Security Update V2 for Exchange 2016 CU23.