Microsoft has released new security updates for Exchange Server 2016 and Exchange Server 2019 today. The update closes the remote execution vulnerability CVE-2023-36778 and offers a better solution for the weak point CVE-2023-21709 from August. There were problems with the August security update and the update was temporarily recalled. The update from October for CVE-2023-36434 for Windows Server now provides a better solution than disabling the IIS Token Cache Module. This was done with the August update and may have led to a loss of performance. The IIS Token Cache can therefore be reactivated after installing the Windows updates.
Click here to go directly to the updates:
After installing the October Windows Updates, the IIS Token Cache module can be reactivated with the following command:
New-WebGlobalModule -Name "TokenCacheModule" -Image "%windir%\System32\inetsrv\cachtokn.dll"
Here is another graphic from the Exchange Team Blog which illustrates the update process:
Source: Released: October 2023 Exchange Server Security Updates