Do Not Install the February 2023 Exchange Server Security Updates via Windows Update

Wednesday, February 15, 2023

Microsoft released the February 2023 Exchange Server Security Updates yesterday, February 14, via Windows Update and on their website. The website links to the correct files for the February 2023 Security Updates, but Windows Update currently is deploying the January 2023 Security Update CAB file for Exchange Server 2013, 2016, and 2019. 

For this reason, install the February updates from the hyperlinks listed in the EHLO Blog post, not Windows Update. If you did already install the Exchange Security Updates via Windows Update, download the files directly and reinstall them on all your servers. Then check the version with the HealthChecker.ps1 script.

UPDATE: Microsoft just said, "We've fixed the issue, so it's safe to install the SU from MU/WU again. Apologies for the inconvenience." According to Microsoft, customers who already installed the February SU via Windows Update can either install it again via Windows Update or download the update from the web and install it.

For further details, keep reading.

Several of my customers installed the Security Update For Exchange Server CU23 SU6 (KB5023038) on multiple servers via Windows Update. These servers include Exchange Server 2013, 2016, and 2019.

Windows Update history shows the February 2023 KB5023038 update has been installed, but HealthChecker.ps1 reports the servers are still on the January 2023 KB5022143 SU. 

Checking the registry,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Exchange v15\DisplayVersion says the Exchange build is 15.1.2507.18 (not listed here, but should be 15.1.2507.21). 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Patch\DisplayName says “Security Update for Exchange Server 2016 Cumulative Update 23 (KB5022143)” 

When you run Windows Update again, it says no updates are pending.

When I view the C:\Windows\SoftwareDistribution\Download folder I see a folder named f664b5c67010fa70659624355017ed43 with the date and time when Windows Updates were applied.

Inside that folder is the which is the January 2023 Exchange Security Update, proving that Windows Update is pushing the wrong SU.

Installing the February 2023 Exchange Security Updates from the published download pages installs the correct SU. Verify with the HealthChecker script.

No comments:

Post a Comment

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.