Table of Contents
- Is Your Server at Risk? The Ultimate Guide to the Critical August 2025 Exchange Security Update.
- What Does This Update Fix?
- A New Security Feature is Now Active
- How to Install August 2025 Exchange Security Update
- Step 1: Check Your Systems
- Step 2: Install the Latest CU
- Step 3: Install the Security Update
- Step 4: Check Again
- What If You Run into Problems?
Is Your Server at Risk? The Ultimate Guide to the Critical August 2025 Exchange Security Update.
Your email server is a vital part of your business. It needs to be safe and secure. Microsoft has released an important security update for Exchange Server to help protect your information. This update, released in August 2025, is for users of Exchange Server 2016, Exchange Server 2019, and the new Exchange Server Subscription Edition (SE). If you use Exchange Online, you are already protected.
Microsoft recommends you install this update right away to keep your email environment secure.
What Does This Update Fix?
This security update patches several security holes that were found. These weaknesses could potentially allow attackers to cause problems. While Microsoft says it’s unlikely that anyone is actively using these flaws to attack systems, it is always better to be safe than sorry.
The specific vulnerabilities that this update addresses are:
- CVE-2025-25005: A tampering vulnerability.
- CVE-2025-25006: A spoofing vulnerability.
- CVE-2025-25007: Another spoofing vulnerability.
- CVE-2025-33051: An information disclosure vulnerability.
- CVE-2025-53786: A vulnerability affecting hybrid deployments.
These updates are available for specific versions of Exchange Server. You will need to be running one of the following to apply the patch:
- Exchange Server Subscription Edition (RTM)
- Exchange Server 2019 (CU14 or CU15)
- Exchange Server 2016 (CU23)
A New Security Feature is Now Active
Starting with this update, a new feature called AMSI (Antimalware Scan Interface) body scanning is turned on by default. This feature adds another layer of security by scanning the content of messages. It’s like having an extra security guard checking packages before they enter your building.
For most users, this will run smoothly in the background. However, if you notice that your server is running slower after the update, you have the option to turn this feature off. You can find instructions on how to do this in Microsoft’s official documentation.
How to Install August 2025 Exchange Security Update
Installing this security update is a straightforward process. The updates are cumulative, meaning the latest one includes all previous fixes. You don’t need to install a backlog of old updates; just install the newest one.
Here is a simple plan to get your servers updated:
Step 1: Check Your Systems
The first step is to run the Exchange Server Health Checker script. This tool will scan your servers and tell you exactly which ones need updating. It provides a clear report on the status of your Exchange environment.
Step 2: Install the Latest CU
Before you can apply the security update, you need to be on a supported Cumulative Update (CU). The Exchange Update Wizard is a great tool that gives you step-by-step directions for this process. You just need to select your current CU and the one you want to upgrade to.
Step 3: Install the Security Update
Once you are on the correct CU, you can install the August 2025 security update.
Step 4: Check Again
After the installation is complete, run the Health Checker script one more time. This ensures that everything was installed correctly and that no further actions are needed.
It is important to install these updates on all your Exchange servers. This includes any workstations that only have the Exchange Management Tools installed. Keeping all components on the same update level prevents compatibility issues.
What If You Run into Problems?
Sometimes, installations don’t go as planned. If you see any errors during or after the update, don’t panic. Microsoft has tools to help.
- Run the SetupAssist script. This script is designed to help troubleshoot and resolve common installation problems.
- If you continue to have issues, consult the “Repair failed installations of Exchange Cumulative and Security updates” guide from Microsoft for more detailed solutions.
If you are using a hybrid setup with Exchange Online, you still need to install this update on your on-premises servers. Exchange Online is already secure, but your local servers, even if only used for management, need the patch. If you change your authentication certificate after the update, remember to run the Hybrid Configuration Wizard again.