January 2023 Exchange Server Security Updates

Microsoft Exchange Servers security updates have been released for January 2023.

These updates are available for the following specific versions of Exchange Server:

Exchange Server 2013 CU23 SU19
Exchange Server 2016 CU23 SU5
Exchange Server 2019 CU11 SU9 & CU12 SU5

The recommendation is to install these updates immediately to protect your environment.
In the scenario where you do a Cumulative Update(CU), you need to make security updates. Otherwise, remember that you have to do the Cumulative Update(CU) first and then the Security Update(SU).

Inventory your Exchange Servers to determine which updates –> “Exchange Server Health Checker
Choose your current CU and your target CU to get directions –>  “Exchange Update Wizard
If you encounter errors during or after installation of Exchange Server –> “Exchange Setup Assist

Recommended Action :

  • Enable certificate signing of Powershell serialization payload
  • To defend Exchange Servers against attacks on serialized data, added certificate-based signing of PowerShell serialization payloads.
  • If you have a server running Microsoft Exchange Server 2013 in your environment, we recommend that you don’t turn on serialization payload signing for now.
  • In the first stage of rollout, this new feature must be manually enabled by an Exchange Server admin due to feature dependencies.
  • You can use to validate/create the required auth certificate

 

Note: Don't double-click the 'MSP file' to run it. Run Command Prompt (not Powershell) as an Administrator.

 

Have a nice day!

Issue fix “MicrosoftExchangeServiceHost” Crash : March 2022 Security Update

Some Exchange systems after installing the March 2022 Security Update, you may receive errors related to the “Microsoft Exchange Service Host” service may crash repeatedly.

Event ID 4999 (Application Log)
Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-dumptidset, 15.01.2375.024.

Root Cause; If there are any expired certificates or certificates nearing expiration on the Exchange Server.
Workaroud; Replace any expired certificates and, if you are on Exchange Server 2016 or Exchange Server 2019, follow these steps:

  • Must have temporary full access to the arbitration mailbox
    Get-Mailbox -Arbitration "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | Add-MailboxPermission -User AdminAccount -AccessRights FullAccess
  • Run the Remove Expiry Notification script from Exchange Management Shell (user with full permission assigned to arbitration mailbox)
    Remove-CertExpiryNotifications.ps1 -Server ExchangeServer -Confirm:$false
  • Check all the messages are deleted , again run script it should report that there are no messages present in the folder
    Remove-CertExpiryNotifications.ps1 -Server ExchangeServer -WhatIf
  • Start the MSExchangeServiceHost service and confirm that it is not crashing
  • Revoke the full access permission
    Get-Mailbox -Arbitration "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | Remove-MailboxPermission -User AdminAccount -AccessRights FullAccess
  • Renew any certificates that expire

Have a nice day !

March 2022 Exchange Server Security Updates

Microsoft Exchange Servers security updates have been released for March 2022.

These updates are available for the following specific builds of the Exchange Server:

Exchange Server 2013 CU23
Exchange Server 2016 CU21 and CU22
Exchange Server 2019 CU10 and CU11

The recommendation is to install these updates immediately to protect your environment.
You can installation security patches if you are in the specified Cumulative Update(CU) versions.

If you aren’t in the specified cumulative updates, you must first installation cumulative updates.

Note : Don't double-click the 'MSP file' to run it. Run Command Prompt (not powershell) as an Administrator.

Further Information and Guidance
Exchange Team Blog
Exchange Updates Step-by-Step Guide
Determine Which Updates are Needed
Security Update Guide

Have a nice day !

May 2021 Exchange Server Security Updates

Microsoft Exchange Servers security updates have been released for May 2021.

These updates are available for the following specific builds of Exchange Server:

Exchange Server 2013 CU23
Exchange Server 2016 CU19 and CU20
Exchange Server 2019 CU8 and CU9

Recommendation is to install these updates immediately to protect your environment.
You can installation security patches if you are in the specified Cumulative Update(CU) versions.

If you aren’t in the specified cumulative updates, you must first installation cumulative updates.

Note : Don't double-click the 'MSP file' to run it. Run Command Prompt (not powershell) as an Administrator.

Further Information and Guidance
Exchange Team Blog
Vulnerabilities and Exposures
Security Update Guide
Cumulative Update “Tell me the steps

Have a nice day!