September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates)

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

You may have noticed there were several new Exchange Server CVEs that were released today (a part of September 2023 ‘Patch Tuesday’). If you haven’t yet, you can go to the Security Update Guide and filter on Exchange Server under Product Family to review CVE information.

The CVEs released today were actually addressed in the August 2023 Exchange Server Security Update (SU). Due to the timing of validation of those fixes and release dates, we decided to release the CVEs as a part of September 2023 ‘Patch Tuesday’ release cycle. We know that many customers are accustomed to checking for Microsoft security releases on the second Tuesday of every month, and we did not want these CVEs to go unnoticed.

To summarize:

  • The Exchange Server CVEs released today can be addressed by installing the August 2023 SU.
  • There is no separate Exchange Server SU for September 2023. If you have not yet installed the August 2023 SU, please do so now.
  • We have updated the Exchange Health Checker to reflect today’s CVEs. Remember to run Health Checker often to ensure that no additional steps are needed in your environment.

The Exchange Server Team

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.