Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Releases Exchange Server Updates to Improve Security of PowerShell Payloads

Microsoft has released yesterday the January 2023 Security Updates (SUs) for all supported versions of the Exchange Server. The latest updates aim to address critical security vulnerabilities that could allow attackers to gain system privileges in Exchange Server 2013, 2016, and 2019.

Microsoft also highlighted that the January 2023 updates for Exchange Server should improve the security for PowerShell payloads. The company has introduced a new feature that lets IT admins configure certificate-based signing of PowerShell serialization payloads. It’s designed to protect customers against cyber attacks on serialized data.

“Serialization is the process of converting the state of an object into a form (stream of bytes) that can be persisted or transmitted to memory, a database, or a file. PowerShell, for example, uses serialization (and its counterpart deserialization) when passing objects between sessions,” the Exchange team explained.

How to enable certificate signing of PowerShell serialization payload

Microsoft notes that it’s up to the IT admins to manually enable the certificate-based signing feature in Exchange Server 2013, 2016, and 2019. However, administrators will need to ensure that the January 2023 security updates are installed on all Exchange-based servers.

Additionally, Microsoft warned that those who turn on the feature before updating the servers might encounter deserialization failures or other problems. The Exchange team plans to enable certificate signing of PowerShell serialization payload by default in an upcoming update.

Microsoft has acknowledged a known issue with the latest Exchange Server security updates. Specifically, the bug causes rendering issues with web page previews for URLs shared in the Outlook Web App (OWA). The company has promised to deliver a fix in a future update, though there is no ETA yet.

Microsoft has also released new Patch Tuesday updates for Windows 10 and Windows 11 PCs. The January 2023 Patch Tuesday updates also marked the end of support for Windows 7 Extended Security Updates and Windows 8.1, and you can check out our separate post for more details.