Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fix the following vulnerabilities;
- CVE-2023-21707: Remote Code Execution Vulnerability
The vulnerability isn’t currently publicly disclosed nor exploited. However, it is rated as “Exploitation More Likely” so make sure you update as soon as possible!
In addition, the Exchange Team highlights the fix for Outlook vulnerability CVE-2023-23397, and the availability of a script to analyze whether mailboxes have been targeted by potentially malicious messages.
The updates also contain the following non-security issues;
- You can’t access Toolbox on Exchange after enabling EnableSerializationDataSigning
- EEMS stops responding after TLS endpoint certificate update
- Get-App and GetAppManifests fail and return an exception
- EWS does not respond and returns an exception
- An exception is returned while opening a template in the Exchange Toolbox