The latest Exchange Server updates improve the security of PowerShell payloads and add a known issue.


Along with the latest Patch Tuesday updates for Windows devices, Microsoft has also released January 2023 updates for Exchange Server. This rollout covers Exchange Server 2013, 2016, and 2019, with improvements and security patches available across the board.

Outlook Mail opens on a laptop screen with Exchange on the left.

The latest security updates (SUs) fix several security issues that were either discovered by Microsoft itself or reported privately by partners. Says the Redmond tech giant that it found no evidence to suggest that these vulnerabilities were being exploited in the wild. Can download SUs from you. Update the catalog. Or via the links below:

  • Exchange Server 2013 CU23 (Support and updates will end on April 11, 2023)
  • Exchange Server 2016 CU23
  • Exchange Server 2019 CU11 And CU12

Microsoft has also highlighted a major improvement in its defense perimeter by enabling certificate-based signing of PowerShell serialization payloads. The company explains that:

Serialization is the process of converting the state of an object into a format (stream of bytes) that can be persisted or transferred to memory, a database, or a file. PowerShell, for example, uses serialization (and its counterpart deserialization) when passing objects between sessions. We added certificate-based signing of PowerShell serialization payloads to the January 2023 SUs to defend Exchange servers against attacks on serialized data. In the first phase of the rollout, this new feature must be manually enabled by the Exchange Server administrator due to feature dependencies. This article Details the steps to enable certificate-based signing of serialization data in Exchange Server. We have also released one Scripts You can use or you can use to validate/generate authentication certificate required in your organization. Do it manually.

Microsoft emphasizes that you should enable certificate-based signing only after installing the January 2023 SUs on all your Exchange Server instances. If you enable it before then, you may experience failures in your workflow. For now, this feature needs to be enabled manually but Microsoft will turn it on by default in a future update.

Interestingly, these updates also introduce a known issue. Basically, web page previews for shared URLs in Outlook Web App (OWA) will not render correctly. Microsoft says it will fix the issue in a “future update,” but it’s not clear when.


You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *