Tag Archives: Security Update

Exchange security updates November 2021

I have been away for a couple of days, but you already might have seen that Microsoft released a number of Security Updates for Exchange 2019, Exchange 2016 and Exchange 2013, but only for the last two Cumulative Updates (as always).

Security Updates are available for the following products:

Exchange versionDownloadKnowledge Base
Exchange 2019 CU11https://www.microsoft.com/en-us/download/details.aspx?id=103643KB5007409
Exchange 2019 CU10https://www.microsoft.com/en-us/download/details.aspx?id=103642KB5007409
Exchange 2016 CU22https://www.microsoft.com/en-us/download/details.aspx?id=103644KB5007409
Exchange 2016 CU21https://www.microsoft.com/en-us/download/details.aspx?id=103645KB5007409
Exchange 2013 CU23https://www.microsoft.com/en-us/download/details.aspx?id=103646KB5007409

The following vulnerabilities are addressed in these updates:

Security Updates are CU specific and can only be applied to the specific Cumulative Update. When trying to install a Security Update for another CU, an error message will be returned.

Security Updates are also cumulative, so this Security Update contains all previous security updates for this specific CU. There’s no need to install previous Security Updates before this Security Update.

As always, after downloading a Security Update, start the Security Update from a command prompt with elevated privileges (‘Run as Administrator’) to prevent an erratic installation. This does not apply when installing a Security Update via Windows Update or WSUS.

Exchange Security Updates October 2021

On October 12, 2021 Microsoft released Security Updates for vulnerabilities found in Exchange server 2013 CU23, Exchange server 2016 (CU21/CU22) and Exchange server 2019 (CU10/CU11). Severity is marked as ‘important’.

If you are running one of these versions, it is recommended to apply these security updates. Please note that the security updates are CU specific, and these are not interchangeable. Security updates are also cumulative, so these security updates contain all previous security updates for the same cumulative update. If you are running an older version of Exchange, it is strongly recommended to upgrade to the latest Cumulative Update and apply the security updates. You can use the healthchecker script to inventory your environment.

Please use the Microsoft Security Update Guide for more specific information about the vulnerabilities.

As always, after downloading the security updates, start the installation from an elevated command prompt (‘run as administrator’). This does not apply when installing from Windows Update or WSUS. And of course, please the security updates in a test environment first before installing in production.

You can download the security updates for the following products here:

Exchange server patching performance and windows defender

Patching an Exchange server, whether it be Windows Update, a Cumulative Update or a Security Update always takes a long time. When looking at the task manager, it is always the Antimalware Service Executable (Windows Defender Antivirus Service) that is responsible for this. It just consumes a lot of processor cycles:

To overcome this and speed up the overall performance of patching the Exchange server you can temporarily disable Windows Defender.

For Exchange 2016 running on Windows 2016 follow these steps:

Start | Settings | Update and Security | Windows Defender

For Exchange 2019 running on Windows 2019 follow these steps:

Start | Settings | Update and Security | Windows Security | Open Windows Security I Virus & Threat protection I Manage Settings

And switch Real-time protection to off as shown in the following screenshot:

Much easier is using PowerShell, just execute this command:

Set-MpPreference -DisableRealtimeMonitoring $True

When patching the Exchange server you will notice how much faster it will be. When patched and rebooted, enable Windows Defender by executing the following PowerShell command:

Set-MpPreference -DisableRealtimeMonitoring $False

You can check the status of Windows defender using one of the following commands:

Get-MpPreference | select DisableRealtimeMonitoring
Get-MpComputerStatus

Check the output for RealTimeProtectionEnabled, this should be set to True. As a sidenote, there is a lot of other interesting information when executing Get-MpComputerStatus for anti-malware.

OCTOBER SECURITY UPDATE FOR EXCHANGE 2013, 2016 AND 2019

On October 13, 2020 Microsoft released a security update for Exchange 2013, Exchange 2016 and Exchange 2019 that addresses the Microsoft Exchange information Disclosure Vulnerability as discussed in CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability

An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.

To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.

The security update corrects the way that Exchange handles these token validations.

Please be aware that the updates are CU specific. The fact that an update for Exchange 2013 is released indicates the importance of this Security Update.

When installing, start the Security Update from an elevated command prompt (Run As Administrator) and as always, test the security update thoroughly.

ProductKB ArticleDownload
Microsoft Exchange Server 2013 Cumulative Update 23KB4581424Security Update
Microsoft Exchange Server 2016 Cumulative Update 17KB4581424Security Update
Microsoft Exchange Server 2016 Cumulative Update 18KB4581424Security Update
Microsoft Exchange Server 2019 Cumulative Update 6KB4581424Security Update
Microsoft Exchange Server 2019 Cumulative Update 7KB4581424Security Update