MicrosoftKB5029388Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 (KB5029388)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.7%
Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 (KB5029388)
NoticeWe have re-released the Exchange Server 2019 and 2016 August 8, 2023, security update (SU) to address the localization issue that caused installations on non-English operating systems (OS) to fail. You can find the re-released version of the SU here: <https://support.microsoft.com/help/5030524>The SU will also soon be available through Microsoft Update / Windows Update. For more information about the re-release, see this Exchange Team Blog article.
Original article content
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE)
**Note:**Please follow the instructions in the Microsoft Security Response Center (MSRC) article to address the vulnerability.
- CVE-2023-38185 - Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-35368 - Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-38182 - Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-35388 - Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-38181 - Microsoft Exchange Server Spoofing Vulnerability
Issues that are fixed in this update
- DST settings are inaccurate after an OS update
- Microsoft Exchange replication service repeatedly stops responding
- Chinese coded characters arenβt supported in Exchange Admin Center
- External email address field doesnβt display the correct username
Features introduced in this update
- Enable support for AES256-CBC-encrypted content in Exchange Server August 2023 SU
Known issues in this update
- When you install this security update on a Windows-based server that is running a non-English operating system version, Setup suddenly stops and rolls back the changes. However, the Exchange Server services remain in a disabled state. For more information, see Exchange Server 2019 and 2016 August 2023 security update installation fails on non-English operating systems.
- Users in an account forest who install this security update might not be able to change their expired password by using Outlook on the web in an Exchange deployment in a multi-forest topology (Account-Resource or Resource-Resource). For more information, see Users in account forest canβt change expired password in OWA in multi-forest Exchange deployments after installing August 2023 SU.
Enabling Extended Protection in Exchange Server
To enable Extended Protection on Exchange-based servers, see Extended Protection enabled in Exchange Server (KB5017260).
How to get and install the update
This update is superseded by version 2 of the security update for Microsoft Exchange Server 2019 and 2016. For more information, see the βKnown issues in this updateβ section in this article.
More information
Security update deployment information
For deployment information about this update, see Deployments - Security Update Guide.
Security update replacement information
This security update replaces the following previously released updates:
- Description of the security update for Microsoft Exchange Server 2019: June 13, 2023 (KB5026261)
- Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 (KB5025903)
File information
File hash information
| Update Name | File name | SHA256 hash | |
|---|---|---|---|
| Exchange Server 2019 Cumulative Update 13 SU2 | Exchange2019-KB5029388-x64-en.exe | AB47764A566A5555474BFF3AB3FDE03DC47C5E31B35B6BA196E25D9FBBD7DA48 | |
| Exchange Server 2019 Cumulative Update 12 SU9 | Exchange2019-KB5029388-x64-en.exe | 5539D00A4721AFF37AD804AA899B267D0F480039015745C15265D998D0338B18 | |
| Exchange Server 2016 Cumulative Update 23 SU9 | Exchange2016-KB5029388-x64-en.exe | 622C0D5441E1484A5FD5BE7438689E1D7722542A4B93ECF1A108214A9346C678 |
Hashes for additional languages
The hash tables for additional languages are available here:
- Hash tables for Exchange Server 2019 CU13 SU2 (KB5029388)
- Hash tables for Exchange Server 2019 CU12 SU9 (KB5029388)
- Hash tables for Exchange Server 2016 CU23 SU9 (KB5029388)
Information about protection and security
Protect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.7%