Released: June 2023 Exchange Server Security Updates

Microsoft has released the monthly security update (June 2023) for Exchange Server. This update will mitigate the security issues found in Exchange Server 2016 and Exchange Server 2019. This set of updates focuses on the vulnerability fixes that were found in the month of June. To install this update, you need to have the following minimum versions.

• Exchange Server 2016 with Cumulative Update 23
• Exchange Server 2019 with Cumulative Update 12 and 13

Although the Exchange Server 2016 is supported, older installations of the same version without the mentioned minimum Cumulative Update are out of support and should be upgraded as soon as possible. Since Cumulative Update 11, Exchange Server 2019 is not supported anymore. It is important to install the new Cumulative Update 12 or 13.

If you have an older Cumulative Update installed, do not just install the latest one as it might not be compatible. You need to install another version before jumping to the latest one as this might cause complications. So, first confirm the supported Cumulative Update with the currently installed one.

Exchange Server 2013 is out of support and no more vulnerability testing is done on the version. It is vulnerable since April 2023. The best way is to either migrate to Exchange 2019 (which can coexist) or to Exchange Online on Office 365.

If you need more information on the Common Vulnerabilities and Exposures (CVE) released by Microsoft, you can do so by going to the Security Update Guide and filter by Exchange Server in the Product Family filter.

How to Install the Exchange Server Security Updates (June 2023)?

The installation is straight forward. However, some steps need to be taken to ensure that the installation is correct. If there is any issue, you have some backup.

1. You need to first find a maintenance window to perform the installation as this would take some time depending on the performance of the server and will stop the services for some time. Then, take a backup prior to the installation of the update or the Cumulative Update, if required.
2. Since this might be impacted by other installations or applications, it’s best to disable or pause such applications. These include:
   • Antivirus scheduled scans
   • Automatic Updates
   • Backups
   • Vulnerability or inventory scans
3. Once this is set and the business is informed of the maintenance window, you can go ahead with the installation of the required updates. Once the updates are installed and a restart is done (if required), you can run the Exchange Server Health Checker script. It’s ideal to get more information on the health status of the server, after such an update.
4. Once the script is downloaded, you can run it by using the below command.

HealthChecker.ps1

• This will run against the current server. If you want to run it against a particular server or servers, you need to use the below command.

HealthChecker.ps1 -Server <server name>,<server name>,<server name>

• The below is a sample of the output from the command.

Note: It’s important to run the Exchange Server Health Checker script after each Cumulative Update installation to identify any encountered issues. For more detailed information check How to Install Exchange 2013/2016/2019 Cumulative Updates article.

What if something goes wrong?

It’s important that when you install such updates, you need to understand the requirements and the needs to install the updates. In Exchange Server, forcibly installing an update can result in catastrophic failures where services would not start or function properly. In addition, there could be various reasons that may result in an installation failure, such as third-party applications interfering with the installation, hardware failure, software failure, and human error.

When a Cumulative Update (CU) is interrupted abruptly, there could be consequences. You might end up with issues in the Exchange Server installation or even corruption in the transaction logs or the database itself. Due to this, the Exchange Server services would not load or the database/s would not mount.

In such cases, applications such as Stellar Repair for Exchange can come in handy. With this application, you can open corrupt EDB file of any size, from any version of Exchange Server. You can browse through the database/s and export the recovered database to PST, a live Exchange Server database, or an Office 365 tenant.