Security Updates Exchange 2013-2019

Exchange2019LogoA quick blog on recently published security updates for Exchange Server 2013 up to Exchange Server 2019. These fixes address the following vulnerabilities:

  • CVE-2019-1373: Microsoft Exchange Remote Code Execution Vulnerability

The CVE documents contain more details on the vulnerabilities. The exploits can be fixed by single security update, which you can find in the table below per current Exchange version.

Exchange 2019 CU3Download15.2.464.7 KB4523171KB4515832
Exchange 2019 CU2Download15.2.397.9 KB4523171 KB4515832
Exchange 2016 CU14Download15.1.1847.5 KB4523171 KB4515832
Exchange 2016 CU13Download15.1.1779.7 KB4523171 KB4515832
Exchange 2013 CU23Download15.0.1497.4 KB4523171 KB4509409

Be advised that the Security Updates for Exchange 2013-2019 are Cumulative Update level specific. Unfortunately, the security update carries the same name for different CUs, and you cannot apply the update for Exchange 2016 CU14 to Exchange 2016 CU13. I would suggest tagging the Cumulative Update in the file name when you store it, e.g. Exchange2016-CU14-KB4523171-x64-en.msp.

As with any patch or update, I’d recommend to apply this in a acceptance environment first, prior to implementing it in production.

6 thoughts on “Security Updates Exchange 2013-2019

  1. The Exchange 2013 CU23 version of this security update broke the eDiscovery PST Export Tool for us. When it would actually start exporting to a .pst file, it stops with the error message ‘FailedToLoadStatus’ instead.

    The solution is this: if you search for the file called “” under your user profile, under AppData, you will find several versions of it (assuming you used the PST Export Tool before this security update was installed on your Exchange Server). If you look at their properties, specifically their versions, the most recent one (included with this patch) will be 15.0.1497.4. What you need to do is find a copy of an earlier version of this dll under your AppData (for example 15.0.1497.0, which is the CU23 version), and replace/overwrite all instances of the 15.0.1497.4 version with it (still under AppData). Then you can just start the tool again, and it will work.


  2. Robert, thank you so much for sharing this solution! Worked great on our Exchange 2016 CU15. Only difference is I changed out the DLL files in the Exchange “bin” folder on the server. I renamed the newer file, replaced it with the earlier version, and no more error.


  3. Thank you Robert, I’ve been looking all day for a fix to this. It figures you never notice something like being broke after a CU until it’s an urgent request.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.