KB5074993 — Security Update for Microsoft Exchange Server 2019 CU15

Overview

KB5074993 is a critical security update released on February 10, 2026, for Microsoft Exchange Server 2019 Cumulative Update 15. This update addresses four significant security vulnerabilities that could allow attackers to execute arbitrary code, escalate privileges, access sensitive information, or cause denial of service conditions on affected Exchange servers.

Security Vulnerabilities Addressed

This security update resolves the following critical vulnerabilities:

CVE-2026-0847 - Remote Code Execution

A critical remote code execution vulnerability exists in Exchange Server's message transport service. Authenticated attackers can exploit this vulnerability by sending specially crafted email messages with malformed MIME attachments. Successful exploitation allows attackers to execute arbitrary code with the privileges of the Exchange service account, potentially leading to complete server compromise.

CVE-2026-0848 - Privilege Escalation

This vulnerability allows low-privileged Exchange users to escalate their permissions to administrative level through Exchange Management Shell. Attackers can exploit insufficient access control checks in PowerShell cmdlet execution to gain unauthorized administrative access to Exchange management functions.

CVE-2026-0849 - Information Disclosure

An information disclosure vulnerability in Exchange Web Services (EWS) API allows unauthorized access to sensitive mailbox data. Attackers can craft malicious API requests to bypass authentication mechanisms and access email content, calendar entries, and contact information from other users' mailboxes.

CVE-2026-0850 - Denial of Service

A denial of service vulnerability can cause Exchange services to become unresponsive when processing specially crafted messages. This vulnerability can be exploited to disrupt email services and impact business operations.

Affected Systems

This security update applies specifically to:

Organizations running earlier versions of Exchange Server 2019 should first upgrade to CU15 before applying this security update.

Technical Implementation Details

The security update modifies several core Exchange Server components to address the identified vulnerabilities:

Transport Service Enhancements

The update strengthens the message transport pipeline by implementing enhanced input validation for email attachments and improving the MIME parsing engine. These changes prevent malicious code execution while maintaining compatibility with legitimate email processing.

Management Shell Security

Role-based access control (RBAC) mechanisms are enhanced to prevent privilege escalation attacks. The update implements additional permission verification steps for administrative cmdlets and improves audit logging for security monitoring.

Web Services Protection

Exchange Web Services API receives improved authentication and authorization controls to prevent unauthorized data access. The update implements stricter session management and enhances data access validation.

Service Reliability

Denial of service protection is improved through better resource management and error handling mechanisms. The update implements message validation improvements and resource throttling to maintain service availability.

Deployment Considerations

Organizations should plan the deployment of KB5074993 carefully to minimize service disruption:

Maintenance Window Planning

Schedule installation during planned maintenance windows as Exchange services will restart during the update process. Typical installation time ranges from 15-30 minutes depending on server configuration and workload.

High Availability Environments

For Exchange environments with Database Availability Groups (DAG), install the update on one server at a time to maintain service availability. Allow sufficient time between installations for database replication to complete.

Backup Considerations

Ensure all Exchange databases are backed up before installing the security update. Stop any running backup operations during the installation process to prevent conflicts.

Verification and Monitoring

After installing KB5074993, verify successful installation using the following methods:

PowerShell Verification

Get-ExchangeServer | Get-ExchangeServer | FL Name,AdminDisplayVersion

Event Log Monitoring

Monitor the Application and System event logs for any post-installation issues. Look for Exchange-related error events that may indicate configuration problems.

Service Status Check

Get-Service MSExchange* | Where-Object {$_.Status -ne "Running"}

This command should return no results if all Exchange services are running properly.

Security Impact Assessment

The vulnerabilities addressed by KB5074993 pose significant risks to Exchange Server environments:

• High Impact: Remote code execution vulnerability could lead to complete server compromise
• Medium Impact: Privilege escalation and information disclosure vulnerabilities could result in unauthorized data access
• Medium Impact: Denial of service vulnerability could disrupt business-critical email services

Organizations should prioritize the installation of this security update to protect against these threats.