We are trying to update Exchange 2013 with Cumulative Update 23. As I understand it, we can't apply CU21 and CU22 without first applying CU23. This is to address a vulnerability which is preventing PCI compliance.
All the flagged prerequisites appear to have been completed, but when running the update we see the error:

referring to ActiveDirectorySplitPermissions NullReferenceException
I would appreciate any help with this.

