October 2023 Exchange Server Security Updates

October 2023 Exchange Server Security Updates

Hi All,

It’s again Patchday and Microsoft has released Security Updates for Exchange 2016 and 2019.


The Token Cache will be fixed with the OS Updates for IIS.

Today, Windows team has released the IIS fix for root cause of this vulnerability, in the form of fix for CVE-2023-36434. We recommend installing the IIS fix after which you can re-enable Token Cache module on your Exchange servers.

I’ve downloaded the - Security Update For Exchange Server 2016 CU23 SU10 (KB5030877)

Run the Setup after downloading

After sucessfull installation you have to reboot the Server

Now let’s run the HealthChecker

After the Update, let’s run it again

We have two Warnings:

  • Extended Protection for OAB - (Current settings on Extended Protection causes Outlook for Mac to fail to download the OAB) there is an updated Script available.
  • TokenCacheModule - Can be reenabled after the OS Patches have fixed the IIS

Now it’s time to install the OS Patches for October 2023 and reboot the Server once again.

Now we can Reenable the TokenCacheModule

New-WebGlobalModule -Name "TokenCacheModule" -Image "%windir%\System32\inetsrv\cachtokn.dll"

I had to rerun the ExchangeExtendedProtectionManagement


Now let’s run the HealthChecker again.

All is now in perfect shape. Happy updating.

Andres Bohren

Exchange Logo

Security Logo