October 2023 Exchange Server Security Updates

Andres Bohren

2023-10-10

October 2023 Exchange Server Security Updates

Hi All,

It’s again Patchday and Microsoft has released Security Updates for Exchange 2016 and 2019.

Exchange Team Blog Released: October 2023 Exchange Server Security Updates

Updates:

The Token Cache will be fixed with the OS Updates for IIS.

Today, Windows team has released the IIS fix for root cause of this vulnerability, in the form of fix for CVE-2023-36434. We recommend installing the IIS fix after which you can re-enable Token Cache module on your Exchange servers.

I’ve downloaded the - Security Update For Exchange Server 2016 CU23 SU10 (KB5030877)

Run the Setup after downloading

After sucessfull installation you have to reboot the Server

Now let’s run the HealthChecker

After the Update, let’s run it again

We have two Warnings:

Extended Protection for OAB - (Current settings on Extended Protection causes Outlook for Mac to fail to download the OAB) there is an updated Script available.
TokenCacheModule - Can be reenabled after the OS Patches have fixed the IIS

Now it’s time to install the OS Patches for October 2023 and reboot the Server once again.

Now we can Reenable the TokenCacheModule

New-WebGlobalModule -Name "TokenCacheModule" -Image "%windir%\System32\inetsrv\cachtokn.dll"

I had to rerun the ExchangeExtendedProtectionManagement

.\ExchangeExtendedProtectionManagement.ps1

Now let’s run the HealthChecker again.

All is now in perfect shape. Happy updating.

Regards
Andres Bohren

Exchange Logo

Security Logo

Works as a Microsoft Cloud Engineer/Architect for midsize to large Enterprises. He has a special focus on M365 including Identity, Messaging, Communication, Security and PowerShell but also Azure Technologies. He is Co-Organisator of the <Microsoft 365 Community Schweiz> Meetup group and was Speaker at several other Meetups.

comments powered by Disqus