Tag Archives: Cumulative Update

January 2022 Exchange Security Updates

On January 11, 2022, Microsoft released new Security Updates for the following Exchange versions:

  • Exchange 2013 CU23
  • Exchange 2016 CU21, Exchange 2016 CU22
  • Exchange 2019 CU10, Exchange 2019 CU11

The following vulnerabilities have been addressed in these Security Updates:

No exploits have been found in the wild, but it is recommended to install these Security Updates as soon as possible.

These updates are targeted toward Exchange server on-premises, including Exchange servers used in a hybrid configuration.

Please note the following:

  • Run the Exchange Server Healthcheck script on your Exchange server to get an overview of all issues in your environment, including installed Security Updates and Cumulative Updates versions.
  • If running an old (and unsupported!) version of Exchange server, please update to the latest CU to get in a supported state and install these Security Updates.
  • When installing manually, start the update from a command prompt with elevated privileges. If you fail to do so, it will look like the installation finishes successfully, but various issues will occur. This is not needed when installing using Windows Update or WSUS.
  • Security Updates are also cumulative, so this Security Update contains all previous Security Updates for this specific Cumulative Update. There’s no need to install previous Security Updates before installing this Security Update.
  • The December 2021 Cumulative Update is postponed; check the link on the Microsoft site. Microsoft does not release Cumulative Updates and Security Updates in the same month, so do not expect a new Cumulative Update anytime soon.
  • This Security Update does not contain a fix for the Y2K22 problem that popped up on January 1; see the Email stuck in Exchange on-premises Transport Queues article, which also contains the solution.
  • As always, download and deploy in your test environment to see if it all works well in your environment.

| Exchange version | Download | Knowledge base |
|---|---|---|
| Exchange 2013 CU23 | https://www.microsoft.com/en-us/download/details.aspx?id=103857 | KB5008631 |
| Exchange 2016 CU21 | https://www.microsoft.com/en-us/download/details.aspx?id=103856 | KB5008631 |
| Exchange 2016 CU22 | https://www.microsoft.com/en-us/download/details.aspx?id=103855 | KB5008631 |
| Exchange 2019 CU10 | https://www.microsoft.com/en-us/download/details.aspx?id=103853 | KB5008631 |
| Exchange 2019 CU11 | https://www.microsoft.com/en-us/download/details.aspx?id=103854 | KB5008631 |

June 2021 Exchange Cumulative Updates

On June 29, 2021, Microsoft released the June 2021 Cumulative Updates for Exchange server, two weeks later than initially planned.

For Exchange 2016 it is a special Cumulative Update, since CU21 is the last update that will be released for the product.

Besides a number of fixes, both CUs contain integration with the Anti-Malware Scan Interface (AMSI). AMSI is available in Windows 2016 and Windows 2019, and Exchange now integrates with it. The prerequisite is, of course, that Exchange 2016 is running on Windows 2016. When running on Windows 2012 R2, the AMSI integration is not available.

AMSI integration is a result of the HAFNIUM infections earlier this year. When using an anti-malware solution that is AMSI capable, malicious HTTP requests are blocked before they are processed by the Exchange server.

Important notes:

  • Both CUs contain a Schema Update and an Active Directory update, so you must run Setup.exe /PrepareSchema and Setup.exe /PrepareAD. 
  • When running the Exchange servers in a DAG, don’t forget to put your DAG members in maintenance mode prior to updating.
  • When running in Hybrid Mode, Microsoft requires you to run the last or second-last Cumulative Update.
  • As usual, test the CUs thoroughly before bringing them into your production environment. 

| Version | Knowledge Base | Download |
|---|---|---|
| Exchange 2019 CU10 | KB5003612 | CU10 for Exchange 2019 |
| Exchange 2016 CU21 | KB5003611 | CU21 for Exchange 2016 |
| Exchange 2016 CU12 UM Language Pack | | UM LP for Exchange 2016 CU21 |

Exchange server patching performance and Windows Defender

Patching an Exchange server, whether through Windows Update, a Cumulative Update or a Security Update, always takes a long time. When looking at the task manager, it is always the Antimalware Service Executable (Windows Defender Antivirus Service) that is responsible for this. It just consumes a lot of processor cycles.

To overcome this and speed up the overall performance of patching the Exchange server you can temporarily disable Windows Defender.

For Exchange 2016 running on Windows 2016 follow these steps:

Start | Settings | Update and Security | Windows Defender

For Exchange 2019 running on Windows 2019 follow these steps:

Start | Settings | Update and Security | Windows Security | Open Windows Security | Virus & Threat protection | Manage Settings

And switch Real-time protection to off.

Using PowerShell is much easier; just execute this command:

Set-MpPreference -DisableRealtimeMonitoring $True

When patching the Exchange server you will notice how much faster it will be. When patched and rebooted, enable Windows Defender by executing the following PowerShell command:

Set-MpPreference -DisableRealtimeMonitoring $False

You can check the status of Windows Defender using one of the following commands:

Get-MpPreference | select DisableRealtimeMonitoring
Get-MpComputerStatus

Check the output for RealTimeProtectionEnabled; this should be set to True. As a side note, Get-MpComputerStatus returns a lot of other interesting anti-malware information.
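The disable, patch and re-enable sequence above can be wrapped so that real-time protection is restored and verified even when the installation fails or is interrupted. This is an added example, not a script from the original post or from Microsoft; the `$PatchPath` parameter and the use of `msiexec /update` for an .msp Security Update are assumptions, and it re-enables Defender directly after the installer exits rather than after the reboot.

```powershell
#Requires -Version 5.1
# Added example: patch with Defender real-time protection off, and always turn it back on.
param(
    # Hypothetical path to the downloaded Security Update (.msp); replace with your own.
    [Parameter(Mandatory)] [string] $PatchPath
)

# Manual installs must run elevated, otherwise setup can appear to succeed but break things.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start this script from an elevated PowerShell session.'
}
if (-not (Test-Path -LiteralPath $PatchPath -PathType Leaf)) {
    throw "Patch file not found: $PatchPath"
}

$exitCode = $null
try {
    Set-MpPreference -DisableRealtimeMonitoring $true
    if ((Get-MpComputerStatus).RealTimeProtectionEnabled) {
        # The setting can be overridden by policy or Tamper Protection.
        Write-Warning 'Real-time protection is still on; patching will be slow.'
    }
    $proc = Start-Process -FilePath 'msiexec.exe' `
        -ArgumentList '/update', "`"$PatchPath`"", '/norestart' -Wait -PassThru
    $exitCode = $proc.ExitCode
}
finally {
    # Runs on success, failure or Ctrl+C, so the server is not left unprotected.
    Set-MpPreference -DisableRealtimeMonitoring $false
    $deadline = (Get-Date).AddSeconds(30)
    do {
        Start-Sleep -Seconds 2
        $status = Get-MpComputerStatus
    } until ($status.RealTimeProtectionEnabled -or (Get-Date) -gt $deadline)
    if (-not $status.RealTimeProtectionEnabled) {
        Write-Error 'Real-time protection is still OFF; re-enable it before returning the server to service.'
    }
}

# 0 = success, 3010 = success but a reboot is required.
if ($exitCode -notin 0, 3010) { throw "msiexec exited with code $exitCode" }
Write-Output "Patch installed (exit code $exitCode); real-time protection: $($status.RealTimeProtectionEnabled)"
```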

April 2021 Exchange Server Security Updates

There we go again… Last week there were rumors about Pwn2Own 2021, a security contest to find security issues in software products, and according to this statement taken from the Pwn2Own site, vulnerabilities were found in Exchange:

“SUCCESS – The DEVCORE team combined an authentication bypass and a local privilege escalation to complete take over the Exchange server. They earn $200,000 and 20 Master of Pwn points.”

Today Microsoft released security updates for Exchange 2013, Exchange 2016 and Exchange 2019 that address recently found security vulnerabilities. The following Remote Code Execution vulnerabilities are fixed with these updates:

You can find more information and the download links in the following table.

| Exchange version | Download | KB Article |
|---|---|---|
| Exchange 2019 CU9 | https://www.microsoft.com/en-us/download/details.aspx?id=103004 | KB5001779 |
| Exchange 2019 CU8 | https://www.microsoft.com/en-us/download/details.aspx?id=103003 | KB5001779 |
| Exchange 2016 CU20 | https://www.microsoft.com/en-us/download/details.aspx?id=103002 | KB5001779 |
| Exchange 2016 CU19 | https://www.microsoft.com/en-us/download/details.aspx?id=103001 | KB5001779 |
| Exchange 2013 CU23 | https://www.microsoft.com/en-us/download/details.aspx?id=103000 | KB5001779 |

Notes:

  • At this moment no active exploits using these vulnerabilities are reported.
  • These vulnerabilities only concern Exchange 2013/2016/2019 on-premises. Exchange Online is not vulnerable because of its different architecture. Please remember that Exchange Online uses a different codebase.
  • Updates are specific for Cumulative Updates, an update for CU9 cannot be installed on CU8. The CU version is in the name of the update.
  • Updates are cumulative, so these updates also contain all previous updates for this CU version.
  • If you are running Exchange hybrid you need to update the hybrid servers as well, even when all mailboxes are in Exchange Online.
  • Previous mitigation scripts like EOMT will not mitigate the April 2021 vulnerabilities.
  • Start the updates from a command prompt with elevated privileges. If you do not, the update can finish successfully (or report no errors) but under the hood stuff will break. When updating from Windows Update there’s no need to use elevated privileges.
  • Use the Exchange Server Health Checker script (available from Microsoft GitHub) for an inventory of your Exchange environment. The script will report whether any servers are behind with Cumulative Updates and Security Updates.
  • More information can be found on the Microsoft Security Response Center (MSRC).

Quarterly Updates: Exchange 2016 CU19 and Exchange 2019 CU8

On Tuesday, December 15, 2020, Microsoft released its quarterly updates for Exchange server, specifically Exchange 2016 CU19 and Exchange 2019 CU8.

Nothing special, but a few remarks:

  • In contrast to earlier communication from Microsoft, CU19 is not the last CU released by Microsoft. The final CU for Exchange 2016 will be released in March 2021.
  • The issue with opening attachments in a shared mailbox using OWA (as explained in a previous blogpost https://jaapwesselius.com/2020/11/02/open-attachment-in-shared-mailbox-using-owa/) is fixed in these CUs.
  • The December security updates for Exchange Server (https://jaapwesselius.com/2020/11/02/open-attachment-in-shared-mailbox-using-owa/) are also included in these CUs.
  • When running a hybrid deployment or when using Exchange Online Archiving in combination with Exchange on-premises, make sure you run the latest CU or one version older (i.e. Exchange 2013 CU23, Exchange 2016 CU18/CU19 or Exchange 2019 CU7/CU8).
  • There are no schema changes in these CUs, but there are changes to AD, so make sure you run the Setup.exe /PrepareAD command.
  • And as always, test thoroughly in your lab environment, and when deploying make sure your servers are in maintenance mode (especially the DAG).

| Exchange Version | KB Article | Download |
|---|---|---|
| Exchange 2019 CU8 | KB4588885 | Volume License |
| Exchange 2016 CU19 | KB4588884 | Download |
| Exchange 2016 CU19 UM Language Pack | | Download |

More information can be found on the Microsoft website: December 2020 Quarterly Exchange Updates – https://techcommunity.microsoft.com/t5/exchange-team-blog/released-december-2020-quarterly-exchange-updates/ba-p/1976527