August 2025 Exchange Server Security Updates Released
The_Exchange_Team explains the August 2025 Security Updates for Exchange Server, offering guidance on installation, new AMSI features, update paths, and security best practices for on-premises and hybrid Exchange environments.
Microsoft has published Security Updates (SUs) for the following Exchange Server versions:
- Exchange Server Subscription Edition (SE)
- Exchange Server 2019
- Exchange Server 2016
Available Update Versions
- Exchange SE (RTM): Download link
- Exchange Server 2019 Cumulative Updates: CU14, CU15
- Exchange Server 2016 Cumulative Update: CU23
Note: If the English download pages show “Hotfix Update” rather than “Security Update,” this is only a label issue and does not affect the actual update. Downloads will remain available to avoid confusion.
Vulnerabilities Addressed
The August 2025 SUs resolve vulnerabilities identified by both security partners and Microsoft’s internal processes. There are currently no reported active exploits, but immediate installation is strongly recommended to protect your environment.
- For CVE details, see the Security Update Guide (filter by Server Software).
Exchange Online customers are already protected; these updates apply to on-premises servers and management tool workstations.
AMSI Body Scanning Enabled by Default
Beginning with the November 2024 Security Update, Exchange integrated the Antimalware Scan Interface (AMSI) for scanning HTTP message bodies. As of the August 2025 SU, AMSI body scanning is enabled by default for all protocols.
- If you notice degraded performance after the update, consult the AMSI integration documentation for guidance on disabling AMSI body scanning.
Update Installation Guidance
- Inventory Your Servers: Run the Exchange Server Health Checker script to determine which updates are needed and if any servers are behind.
- Install the Latest CU: Use the Exchange Update Wizard to plan your upgrade path and execute the update process.
- Re-run Health Checker: After updating, run the Health Checker again to confirm no further actions are required.
- Troubleshooting:
  - For errors during or after installation, use the SetupAssist script.
  - See Repair failed installations of Exchange Cumulative and Security updates or File version error guidance if issues arise.
Frequently Asked Questions (FAQs)
Q: Does the August 2025 update address CVE-2025-53786?
- A: Yes, all SUs are cumulative. August 2025 SUs include the necessary components. For hybrid deployments, refer to Exchange Server Security Changes for Hybrid Deployments.
Q: Do hybrid organizations need to act?
- A: Yes, install SUs on all on-premises Exchange Servers, including management-only servers. If you change the authentication certificate after updating, re-run the Hybrid Configuration Wizard.
Q: Must all older SUs be installed in sequence?
- A: No. SUs are cumulative, so if your CU is supported, you only need to install the latest SU.
Q: Should SUs be installed on all Exchange Servers and management tools machines?
- A: Yes, to maintain compatibility. For management tools-only environments without Exchange servers, refer to this document.
Additional Information
- Documentation may not be immediately available at the time of publication; watch for updates in this post.
Authored by The_Exchange_Team
This post appeared first on “Microsoft Tech Community”.