Description of the security update for Microsoft Exchange Server 2019 CU15: June 09, 2026 (KB5094140)

Applies To
Exchange Server 2019

This security update resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

Note

The fix for CVE-2026-45583 is not included in the Security Update, please follow the instructions mentioned in the CVE documentation to address this vulnerability.

Issues fixed in this update

Exchange Server Health Checker

To verify that that the installation is successful, and check whether any additional actions are required, run the Exchange Server Exchange Server Health Checker.

Enabling Extended Protection in Exchange Server

To enable Extended Protection on Exchange-based servers, see Extended Protection enabled in Exchange Server (KB5017260).

How to get and install the update

Important

  • Microsoft Exchange Server 2016 and 2019 have reached end of support. For more information, see Support for Exchange Server 2016 and Exchange Server 2019 ends. 
  • Organizations enrolled in the Extended Security Update (ESU) program are eligible to receive the December 2025 security updates and all subsequent updates for Exchange Server 2016 and 2019.
  • To continue receiving the latest security updates, organizations not enrolled in the ESU program should migrate to Exchange Server Subscription Edition (SE).
  • If you have already purchased the ESU and require information on how to access the latest security updates, please email us at ExchangeandSfBServerESUInquiry@service.microsoft.com.

More information

Security update deployment information

For deployment information about this update, see Deployments - Security Update Guide.

Security update replacement information

This security update replaces the following previously released updates:

File information

File hash information

Update Name File name SHA256 hash
Exchange Server 2019 Cumulative Update 15 SU8 Exchange2019-KB5094140-x64-en.exe 4CAA80367F0E44493F937E4AFB7CFB9139AE583786E3E79E30AE99967FD894F6

Hashes for additional languages

The hash tables for additional languages are available here:

Exchange Server file information

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

More information

For more information about the deployment of Exchange Server 2019, see Release notes for Exchange Server 2019.
For more information about the coexistence of Exchange Server 2019 and earlier versions of Exchange Server in the same environment, see Exchange Server 2019 system requirements.

For more information about other Exchange updates, see Exchange Server Updates: Build numbers and release dates.

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security