KB5071875: This security update resolves vulnerabilities in Microsoft Exchange Serve

Description of the security update for Microsoft Exchange Server 2019 CU15: December 9, 2025 (KB5071875)

Original article content
This security update resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

• CVE-2025-64666 - Microsoft Exchange Server Elevation of Privilege Vulnerability
• CVE-2025-64667​​​​​​​ - Microsoft Exchange Server Spoofing Vulnerability

Exchange Server Health Checker
To verify that that the installation is successful, and check whether any additional actions are required, run the Exchange Server Exchange Server Health Checker.

Enabling Extended Protection in Exchange Server
To enable Extended Protection on Exchange-based servers, see Extended Protection enabled in Exchange Server (KB5017260).