You may have noticed there were several new Exchange Server CVEs that were released today (a part of September 2023 ‘Patch Tuesday’). If you haven’t yet, you can go to the Security Update Guide and filter on Exchange Server under Product Family to review CVE information.
The CVEs released today were actually addressed in the August 2023 Exchange Server Security Update (SU). Due to the timing of validation of those fixes and release dates, we decided to release the CVEs as a part of September 2023 ‘Patch Tuesday’ release cycle. We know that many customers are accustomed to checking for Microsoft security releases on the second Tuesday of every month, and we did not want these CVEs to go unnoticed.
- The Exchange Server CVEs released today can be addressed by installing the August 2023 SU.
- There is no separate Exchange Server SU for September 2023. If you have not yet installed the August 2023 SU, please do so now.
- We have updated the Exchange Health Checker to reflect today’s CVEs. Remember to run Health Checker often to ensure that no additional steps are needed in your environment.
The Exchange Server Team