KB5074995

Details

Description of the security update for Microsoft Exchange Server 2016 CU23: February 10, 2026 (KB5074995)

Applies To

Exchange Server 2016

This security update resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

CVE-2026-21527 - Microsoft Exchange Server Spoofing Vulnerability

Note: To mitigate the vulnerability, follow the instructions in the CVE bulletin.

Exchange Server Health Checker

To verify that that the installation is successful, and check whether any additional actions are required, run the Exchange Server Exchange Server Health Checker.

Enabling Extended Protection in Exchange Server

To enable Extended Protection on Exchange-based servers, see Extended Protection enabled in Exchange Server (KB5017260).

How to get and install the update

Important:

Microsoft Exchange Server 2016 and 2019 have reached end of support. For more information, see Support for Exchange Server 2016 and Exchange Server 2019 ends.
Organizations that are enrolled in the Extended Security Update (ESU) program are eligible to receive the February 2026 security updates and all subsequent updates for Exchange Server 2016 and 2019.
To continue receiving the latest security updates, organizations that aren't enrolled in the ESU program should migrate to Exchange Server Subscription Edition (SE).
If you have already purchased the ESU and require information about how to access the latest security updates, please email us at...

Affected Packages

Microsoft Exchange Server

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

15.1.2507.66

References

ADVISORY