Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.
Run each step separately:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains
Then install CU23:
Then install the security patch:
Once you are patched, you need to investigate to see if your server has been compromised and scan your server for known exploits:
Microsoft Support Emergency Response Tool (MSERT) to scan Microsoft Exchange Server
If you find no evidence of actual compromise, then you are probably ok, but look to getting a quality anti-malware solution for Exchange for ongoing protection.
If any of your security detections or the investigation tools results lead you to suspect that your Exchange servers have been compromised and an attacker has actively engaged in your environment, execute your Security Incident Response plans, and consider engaging experienced Incident Response assistance. It is particularly critical if you suspect that your Exchange environment is compromised by a persistent adversary that you coordinate your response using alternative communications channels as mentioned earlier in this document.