In an unforeseen turn of events, software giant Microsoft had to withdraw the August security updates for its Exchange Server from Windows Update. This decision was made in response to the discovery that these updates disrupt Exchange on non-English installs, creating severe issues for users.
“We are aware of Setup issues on non-English servers and have temporarily removed August SU from Windows / Microsoft update. If you are using a non-English language server, we recommend you wait for the deployment of August SU until we provide more information. Please see Known Issues below for more information,” notes Microsoft.
A Bumpy Patch Tuesday
The incident took place on August 8th, 2023, that month's Patch Tuesday. Microsoft had released new security updates for Exchange Server. These updates were designed to fix six different vulnerabilities, including four remote code execution flaws, one elevation of privileges flaw, and a spoofing vulnerability that could be used in an NTLM relay attack.
However, serious problems arose when Microsoft Exchange administrators started implementing the updates on non-English servers. Following the installation, the Exchange Windows services ceased to start, rendering the system inoperable.
Response from Microsoft
Microsoft promptly updated the August 2023 Exchange Server Security Updates bulletin to caution users about the issue. The company also temporarily removed the updates from Windows and Microsoft Update for further investigation. They advised the users of non-English language servers to hold back deployment until further notice.
Delving deeper into the problem, a support article described the root cause as an issue with localization in the Exchange Server’s August 2023 SU installer. This issue arose while installing the updates on non-English operating systems, effectively stopping the installer and rolling back changes. This unfortunate sequence left Windows services of the Exchange Server in a disabled state.
An Interim Solution
For those affected by the faulty update, Microsoft offered a temporary solution to re-enable the Windows services and restart Exchange Server. If the SU installation had already been attempted, the first step was to reset the service state with a PowerShell script. This was followed by a computer restart and the creation of an account in Active Directory (AD). After allowing time for AD replication, users were advised to restart the Exchange Server SU installation.
Additionally, after the successful installation, users were required to run specific commands as directed by Microsoft. Restarting the Exchange server after following the instructions would lead to a successful installation, after which the temporary AD account created could be safely deleted.
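A read-only check for the failure state described above (Exchange Windows services left disabled after the installer rolls back), added here as an example and not taken from Microsoft's support article or script. The function name, the `MSExchange*` name pattern and the sample records are assumptions made for illustration.

```powershell
# Added example (not Microsoft's script): report Exchange services left
# Disabled after a rolled-back SU install. Read-only; it changes nothing.

function Get-DisabledExchangeService {
    [CmdletBinding()]
    param(
        # Objects exposing Name, StartMode and State, e.g. Win32_Service instances.
        [Parameter(Mandatory)] [object[]] $Service,
        # Assumption: the services of interest have names starting with "MSExchange".
        [string] $NamePattern = 'MSExchange*'
    )

    $exchange = @($Service | Where-Object { $_.Name -like $NamePattern })
    $disabled = @($exchange | Where-Object { $_.StartMode -eq 'Disabled' })
    # Automatic-start services that are merely stopped are a different symptom
    # from the disabled state the rollback leaves behind, so list them apart.
    $stopped  = @($exchange | Where-Object {
        $_.StartMode -eq 'Auto' -and $_.State -ne 'Running'
    })

    [pscustomobject]@{
        ExchangeServices  = $exchange.Count
        DisabledCount     = $disabled.Count
        DisabledNames     = @($disabled | ForEach-Object { $_.Name })
        AutoButNotRunning = @($stopped  | ForEach-Object { $_.Name })
        LooksLikeRollback = ($disabled.Count -gt 0)
    }
}

# Constructed sample records so the logic can be exercised offline.
$sample = @(
    [pscustomobject]@{ Name = 'MSExchangeTransport';  StartMode = 'Disabled'; State = 'Stopped' }
    [pscustomobject]@{ Name = 'MSExchangeIS';         StartMode = 'Disabled'; State = 'Stopped' }
    [pscustomobject]@{ Name = 'MSExchangeADTopology'; StartMode = 'Auto';     State = 'Stopped' }
    [pscustomobject]@{ Name = 'Spooler';              StartMode = 'Auto';     State = 'Running' }
)
Get-DisabledExchangeService -Service $sample

# On a live server, pass the real service list instead:
# Get-DisabledExchangeService -Service (Get-CimInstance -ClassName Win32_Service)
```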
So, for those running English-language installs, the advice is to download and install the updates to protect against the disclosed vulnerabilities. These unforeseen complications underline the complexity of maintaining a global software system while addressing real-world cybersecurity threats. They also underscore the pivotal role of software updates, even when they might cause temporary disruption.