August 2023 Exchange Server Security Updates

Hello All

Microsoft released several Security Updates (SUs) for Microsoft Exchange Server to address vulnerabilities. Due to the critical nature of these vulnerabilities, MS  recommend that customers apply the updates to affected systems immediately to protect the environment.

These Security Updates are available for the following specific versions of Exchange:

Exchange Server 2016 (CU23)

Exchange Server 2019 (CU12, CU13)

THIS SECURITY PATCH NOT APPLICABLE TO CU 22  OR BELOW ON EXCHANGE SERVER 2016

EITHER YOU NEED TO UPGRADE TO CU23 FOR EXCHANGE 2016 

you download the package the link below

https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-and-2016-august-8-2023-kb5029388-86b365c0-21f1-4a10-a68c-a095536f0171

Additional Steps needed to address CVE-2023-21709

To address CVE-2023-21709, administrators must perform additional actions and can run the CVE-2023-21709.ps1 script that we have released. The script and its documentation can be found here. We have validated the script and CVE resolution on supported versions of Exchange Server only. We recommend updating to August SU first and then running the script.

Script Link and Syntax

https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-21709/

Examples:

This syntax removes the TokenCacheModule from all Exchange servers within the organization.

.\CVE-2023-21709.ps1

This syntax removes the TokenCacheModule from ExchangeSrv01 and ExchangeSrv02.

.\CVE-2023-21709.ps1 -ExchangeServerNames ExchangeSrv01, ExchangeSrv02

This syntax removes the TokenCacheModule from all Exchange servers within the organization except ExchangeSrv02.

.\CVE-2023-21709.ps1 -SkipExchangeServerNames ExchangeSrv02

This syntax restores the TokenCacheModule on all Exchange servers within the organization.

.\CVE-2023-21709.ps1 -Rollback

Known Issues for Non-English Operating Systems

https://support.microsoft.com/en-gb/topic/exchange-server-2019-and-2016-august-2023-security-update-installation-fails-on-non-english-operating-systems-ef38d805-f645-4511-8cc5-cf967e5d5c75#:~:text=When%20you%20install%20the%20Microsoft,remain%20in%20a%20disabled%20state.