Released: August 2025 Exchange Server Security Updates

Implementing a Center of Excellence for Generative AI

August 13, 2025

Major Update to MB-800: A New Chapter for Business Central Learners

August 13, 2025

Published by azurefeeds on August 13, 2025

Exchange Server AMSI body scanning enabled by default

Starting with the Exchange Server November 2024 Security Update (SU), AMSI integration was enhanced to include new capabilities for scanning the “HTTP message body”. This feature will be enabled by default for all protocols beginning with the installation of the August 2025 Exchange Server Security Update.

If you notice reduced performance after installing the August 2025 SU, refer to the Exchange Server AMSI integration documentation for instructions on how to disable the AMSI body scanning feature.

Update installation

The following update paths are available:

Inventory your Exchange Servers to determine which updates are needed using the Exchange Server Health Checker script. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs, SUs, or manual actions).

Install the latest CU. Use the Exchange Update Wizard to choose your current CU and your target CU to get directions.

Re-run the Health Checker after you install an update to see if any further actions are needed.

If you encounter errors during or after installation of Exchange Server, run the SetupAssist script. If something does not work properly after updates, see Repair failed installations of Exchange Cumulative and Security updates. Also please see File version error when you try to install Exchange Server updates.

FAQs

Do August 2025 updates contain the fixes needed to address the recently announced CVE-2025-53786?
Yes, all Exchange updates are cumulative in nature. Therefore, August 2025 SUs contain the ability for Exchange Server on-premises to support the use of dedicated Exchange hybrid app. You still need to follow the guidance to configure the app as applicable to your organization scenario. Please see Exchange Server Security Changes for Hybrid Deployments.

Our organization is in Hybrid mode with Exchange Online. Do we need to do anything?
Exchange Online is already protected, but this SU needs to be installed on your Exchange servers, even if they are used only for management purposes. If you change the auth certificate after installing an SU, you should re-run the Hybrid Configuration Wizard.

The last SU/HU we installed is a few months old. Do we need to install all SUs in order to install the latest one?
SUs are cumulative. If you are running a CU supported by the SU, you do not need to install all SUs or HUs in sequential order; simply install the latest SU. Please see this blog post for more information.

Do we need to install SUs on all Exchange Servers within our organization? What about ‘Management Tools only’ machines?
Our recommendation is to install SUs on all Exchange Servers and all servers and workstations running the Exchange Management Tools to ensure compatibility between management tools clients and servers. If you are trying to update the Exchange Management Tools in the environment with no running Exchange servers, please see this.

Documentation may not be fully available at the time this post is published.

This post might receive future updates; they will be listed here (if available).

The Exchange Server Team

Implementing a Center of Excellence for Generative AI

Major Update to MB-800: A New Chapter for Business Central Learners

Implementing a Center of Excellence for Generative AI

Major Update to MB-800: A New Chapter for Business Central Learners

Exchange Server AMSI body scanning enabled by default

Update installation

FAQs

Related posts

Azure App Testing: Playwright Workspaces for Local-to-Cloud Test Runs

Microsoft 365 Champion community break in August

🚀 General Availability: Enhanced Data Mapper Experience in Logic Apps (Standard)