SU | Jaap Wesselius

Wait, what? On April 23, 2024 Microsoft has released a hotfix update for Exchange 2016 and Exchange 2019 and as MVP’s we only learned about this last week.

A hotfix update or HU contains fixes for issues that might arise with a security update in Exchange server. For example, the March 2024 SU for Exchange server introduced a number of issues, and these are fixed with this HU. Besided hotfixes, a HU can also contain new features that did not make it in the last security update (SU) or Cumulative Update (CU). In this HU for example, Hybrid Modern Authentication for OWA and ECP is introduced as a new feature. Another new feature introduced in this HU is the support for ECC (Elliptic Curve Cryptography) certificates. ECC certificates however are not supported for the federation trust certificate, the Exchange server OAuth certificate and ECC certificates cannot be used when ADFS claims-based authentication is used.

The following issues are fixed in this HU:

“We can’t open this document” error in OWA after installing March 2024 SU
Search error in Outlook cached mode after installing March 2024 SU
OwaDeepTestProbe and EacBackEndLogonProbe fail after installing March 2024 SU
Edit permissions option in the ECP can’t be edited
Outlook doesn’t display unread message icon after installing Exchange Server March 2024 SU
My Templates add-in doesn’t work after installing Exchange Server March 2024 SU
Download domains not working after installing the March 2024 SU

You can download this hotfix update for Exchange server here:

Exchange 2019 CU14 HU2 – https://www.microsoft.com/en-us/download/details.aspx?id=106021
Exchange 2019 CU13 HU6 – https://www.microsoft.com/en-us/download/details.aspx?id=106022
Exchange 2016 CU23 HU13 – https://www.microsoft.com/en-us/download/details.aspx?id=106023

Be aware that the filename for all versions of this HU is the same (Exchange2019-KB5037224-x64-en.exe) so when downloading multiple versions make sure you store them at different locations.

A hotfix update is cumulative and includes all security features and fixes from the previous security updates. When running Exchange 2019 CU14 and you have not installed the March 2024 security update then there’s no need to install this first. Just continue with the immediate installation of this HU.

More information

Released: April 2024 Exchange Server Hotfix Updates – https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536
Hotfix update for Exchange Server 2019 and 2016: April 23, 2024 (KB5037224) – https://support.microsoft.com/en-us/topic/hotfix-update-for-exchange-server-2019-and-2016-april-23-2024-kb5037224-35eddea8-4828-4e38-b462-db89ea1100c9

On June 13, 2023 Microsoft has released Security Updates for:

Exchange 2019 CU13
Exchange 2019 CU12
Exchange 2016 CU23

There are no Security Updates released for older versions of Exchange 2016 and Exchange 2019, these are the only supported versions. There are also no Security Updates for Exchange 2013 since this is completely out-of-support. If you are still running on Exchange 2013 you must seriously consider upgrading to Exchange 2019 or Exchange Online.

The following vulnerabilities are addressed with these Security Updates:

Vulnerability	Impact	Severity
CVE-2023-28310	Remote Code Execution	Important
CVE-2023-32031	Remote Code Execution	Important

More information regarding CVE’s can be found in the Security Update Guide.

The Security Update downloads en knowledgebase articles can be found here:

Exchange version	Download	KB article
Exchange 2019 CU13	https://www.microsoft.com/en-us/download/details.aspx?id=105280	KB5026261
Exchange 2019 CU12	https://www.microsoft.com/en-us/download/details.aspx?id=105281	KB5026261
Exchange 2016 CU23	https://www.microsoft.com/en-us/download/details.aspx?id=105282	KB5025903

Some remarks about these Security Updates:

When possible, try to run the latest Cumulative Update for Exchange 2016 or Exchange 2019.
Exchange Security Updates are cumulative, so a Security Update contains all fixes that were released in earlier Security Updates (for a specific Exchange Cumulative Update).
Exchange Security Updates are specific for an Exchange Cumulative Update, so you cannot install an Exchange Security Update for Exchange 2019 CU13 on an Exchange 2019 CU12 server.
Security Updates must be installed on hybrid servers as well, even if there are no mailboxes anymore on these hybrid servers.
If you have a management server with only the Exchange server management tools installed, you must install Security Updates as well.
Of course, test Security Updates in a test environment first.
Use the Microsoft Exchange Healthchecker script (https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/) to check the status of your Exchange server and if additional actions are needed.