KB5019758 Security Update for Exchange Servers – released 8th November

KB5019758 is the latest security update for Exchange Servers. These security updates were released on 8th November 2022. This security update comes after KB5019076 and KB5019077 security updates were released on 11th October 2022. We look at some fundamental aspects of Exchange Servers’ security updates below.

KB5019758 – Important points about Exchange Servers security update

  • KB5019758 is November month’s security update. This is a standalone update. All the previous updates should have been deployed on Exchange Servers for complete security coverage.
  • KB5019758 is available for Exchange Servers 2019 (Cumulative Updates 11 and 12), Exchange Server 2016 (Cumulative Updates 22 and 23), and Exchange Server 2013 (Cumulative Update 23).
  • KB5019758 resolves 6 vulnerabilities that have been disclosed in Microsoft’s November security bulletin. Details of these vulnerabilities are shared below in brief.

Installing KB5019758 on Exchange Servers

KB5019758 can be applied automatically through the Windows Update program on the Exchange Servers.

You can also install KB5019758 manually. For manual deployments, you can use the Microsoft Update Catalog or the installer files from the Microsoft Download Center. We share the direct download links of the offline installer files for Exchange Servers below.

Download MSU update files

The MSU update files are offline installer files that can be downloaded from the Microsoft Update Catalog page for KB5019758. The direct download links for these installer files are shared below.

Exchange Server versionDownload updateUpdate size
Exchange Server 2019 Cumulative Update 12Download KB5019758153.9 MB
Exchange Server 2019 Cumulative Update 11Download KB5019758153.7 MB
Exchange Server 2016 Cumulative Update 23Download KB5019758150.5 MB
Exchange Server 2016 Cumulative Update 22Download KB5019758150.3 MB
Exchange Server 2013 Cumulative Update 23Download KB501975883 MB

Download KB5019758 as an executable file

The following direct download links can be used to download executable files for Exchange Server KB5019758. These updates will be downloaded from the Microsoft Download Center.

Exchange Server versionDownload update
Exchange Server 2019 Cumulative Update 12Download KB5019758
Exchange Server 2019 Cumulative Update 11Download KB5019758
Exchange Server 2016 Cumulative Update 23Download KB5019758
Exchange Server 2016 Cumulative Update 22Download KB5019758
Exchange Server 2013 Cumulative Update 23Download KB5019758

Supported operating systems for KB5019758 Exchange Server security update

We look at the operating systems that are supported by KB5019758 security updates for Exchange Servers

Exchange Server versionSupported operating systems
Exchange Server 2019 Cumulative Update 12Windows Server 2019
Exchange Server 2019 Cumulative Update 11Windows Server 2019
Exchange Server 2016 Cumulative Update 23Windows Server 2016, Windows 10, Windows Server 2012 R2, Windows Server 2012, Windows 8.1
Exchange Server 2016 Cumulative Update 22Windows Server 2016, Windows 10, Windows Server 2012 R2, Windows Server 2012, Windows 8.1
Exchange Server 2013 Cumulative Update 23Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2012

Security vulnerabilities on Exchange Servers – KB5019758

KB5019758 was released to mitigate the following threats:

VulnerabilitySeverityCVSS scoreImpact
CVE-2022-41040CRITICAL8.8Elevation of Privilege
CVE-2022-41082CRITICAL8Remote Code Execution
CVE-2022-41078CRITICAL8Spoofing vulnerability
CVE-2022-41123CRITICAL7.8Elevation of Privilege
CVE-2022-41080CRITICAL8.8Elevation of Privilege
CVE-2022-41079CRITICAL8Elevation of Privilege