One June 29, 2021 Microsoft has released the June 2021 Cumulative Updates for Exchange server, two weeks later than initially planned.
For Exchange 2016 it is a special Cumulative Update, since CU21 is the latest update that will be released for the product.
Besides a number of fixes, both CU’s contain integration with the Anti-Malware Scan Interface (AMSI). AMSI is available in Windows 2016 and Windows 2019, and Exchange now integrates with AMSI. Prerequisite is of course that Exchange 2016 is running on Windows 2016. When running on Windows 2012 R2, the AMSI integration is not available.
AMSI integration is a result of the HAFNIUM infections earlier this year. When using an anti-malware solution that is AMSI capable, malicious HTTP requests are blocked before they are processed by the Exchange server.
- Both CUs contain a Schema Update and an Active Directory update, so you must run Setup.exe /PrepareSchema and Setup.exe /PrepareAD.
- When running the Exchange servers in a DAG, don’t forget to put your DAG members in maintenance mode prior to updating.
- When running in Hybrid Mode, Microsoft requires you to run the last or second-last Cumulative Update.
- As usual, test the CUs thoroughly before bringing them into your production environment.