Microsoft’s Exchange Team announced the release of August 2025 Security Updates (SUs) for Exchange Server Subscription Edition (SE), Exchange Server 2019, and Exchange Server 2016. These Exchange Server updates address vulnerabilities discovered through both responsible disclosure from security partners and Microsoft’s own security investigations.
While there have been no reports of active exploitation, Microsoft recommends administrators immediately install these updates to safeguard mail environments and ensure continued compliance.
Supported and Affected Versions
Security Updates are available for these Exchange versions:
-
Exchange SE RTM (download link)
-
Exchange Server 2019 Cumulative Update 14 (download link)
-
Exchange Server 2019 Cumulative Update 15 (download link)
-
Exchange Server 2016 Cumulative Update 23 (download link)
For more technical details and official downloads, refer to the original Exchange Team Blog post.
Vulnerabilities and CVEs Addressed
The August 2025 updates remediate several important vulnerabilities, including:
-
CVE-2025-25005: Tampering (CVSS: 6.5)
-
CVE-2025-25006, CVE-2025-25007: Spoofing (CVSS: 5.3)
-
CVE-2025-33051: Information Disclosure (CVSS: 7.5)
-
CVE-2025-53786: Recent vulnerability disclosed, fixes are included in this release
For a full breakdown, visit the Microsoft Security Update Guide and filter for “Server Software.”
Are These Security Updates Cumulative?
Yes. Exchange Security Updates (SUs) are cumulative by design—meaning you only need the current SU for your installation’s Cumulative Update (CU) level. There’s no need to install older missed SUs if you’re current on the CU supported by the latest SU. More information is available in Microsoft’s Exchange update FAQ.eightwone+1
Feature Update: AMSI Body Scanning Enabled by Default
A significant security enhancement in this update is Automatic enabling of Antimalware Scan Interface (AMSI) HTTP message body scanning for all protocols. This builds on changes introduced in the November 2024 SU and provides deeper, real-time protection against web-based threats in mail flow.
Read Microsoft’s official docs on Exchange AMSI integration and how to disable body scanning if you encounter performance issues.
Steps to Apply the August 2025 SU
-
Inventory Your Servers:
Run the Exchange Server Health Checker script to verify which servers or workstations require updates. -
Choose and Download the Proper Update:
Use the Exchange Update Wizard to determine the correct CU and SU for your deployment. -
Install the Update:
Apply the latest CU if required, then the SU. Rerun the Health Checker to verify a clean installation. -
Troubleshooting:
-
Use the SetupAssist script for error recovery.
-
Consult Microsoft’s guide for repairing failed installations.
-
For “file version errors,” see this solution.
-
For full support articles and up-to-the-minute troubleshooting, see the Exchange Team’s official release post and FAQ.
Hybrid, Exchange Online & Management Tools
-
Exchange Online is Already Protected:
No further action is required for cloud mailboxes, but you still must apply the SU to on-premises Exchange servers—including those used solely for management. -
Hybrid Deployments:
After applying this SU, if you change authentication certificates, rerun the hybrid configuration wizard. Read Microsoft’s guidance on hybrid security changes. -
Management Tools Only:
All servers and workstations with the Management Tools role installed need the SU. For environments using the tools with no Exchange server present, refer to special Microsoft instructions for updating management tools without a running Exchange server.
Security, Compliance, and Best Practice Reminders
-
Test in Staging:
Microsoft recommends testing security updates in non-production before broad rollout—but with critical vulnerabilities, patch as soon as feasible. -
Review Documentation:
Some documentation may lag behind release. Monitor the Exchange Team Blog for updates and new troubleshooting guidance.
Sources & Further Reading
Administrators are strongly encouraged to review the cited links and Microsoft’s full documentation to guarantee smooth and secure deployments.
Be sure your organization stays current: Promptly install the August 2025 Exchange Server Security Updates to close vulnerabilities, maintain hybrid compatibility, and benefit from Microsoft’s latest anti-malware protections.
Related Posts
- LoRA Fine-Tuning Supercharges Phi Silica on Windows 11 for Better Kahoot! Quiz Generation
- All the Exciting New Features in Microsoft Intune July 2025: LAPS for Mac, Real-Time Apple Updates, and More
- Starting Today, Microsoft Rolls Out Free Windows Update (KB5062660) for Millions of Windows 11 24H2 Users
- GitHub Spark Public Preview Is Here: Copilot Pro+ Subscribers Can Now Build Full-Stack Apps with Natural Language
- SharePoint Zero-Day Attacks Surge: Over 400 Organizations Breached Amid Critical Microsoft Vulnerabilities
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
