August 2023 Exchange Server Security Updates

Hi All,

It’s again Patchday and Microsoft has released Security Updates for Exchange 2016 and 2019.

• Exchange Team Blog Released: August 2023 Exchange Server Security Updates

• CVE-2023-21709 Microsoft Exchange Server Elevation of Privilege Vulnerability

You have to run a Script after the Installation to Address CVE-2023-21709.

The Update fails on Non-English Operating System. Workaround can be found here Exchange Server 2019 and 2016 August 2023 security update installation fails on non-English operating systems

I’ve downloaded the Security Update For Exchange Server 2016 CU23 SU9 (KB5029388)

Run the Setup after downloading

After sucessfull installation you have to reboot the Server

Now let’s run the HealthChecker

After the Update, let’s run it again

We have two errors: One for CVE-2023-21709 and the Internal Transport Certificate

Let’s fix this CVE-2023-21709.ps1

.\CVE-2023-21709.ps1

Let’s fix the Internal Transport Certificate

$newInternalTransportCertificateParams = @{
    Server               = $env:COMPUTERNAME
    KeySize              = 2048
    PrivateKeyExportable = $true
    FriendlyName         = $env:COMPUTERNAME
    DomainName           = $env:COMPUTERNAME
    IncludeServerFQDN    = $true
    Services             = "SMTP"
    Force                = $true
    ErrorAction          = "Stop"
}

New-ExchangeCertificate @newInternalTransportCertificateParams

Let’s check with the HealthChecker again

All is now in perfect shape. Happy updating.

Regards
Andres Bohren