Tag Archives: Security Update

Exchange server patching performance and windows defender

Patching an Exchange server, whether it be Windows Update, a Cumulative Update or a Security Update always takes a long time. When looking at the task manager, it is always the Antimalware Service Executable (Windows Defender Antivirus Service) that is responsible for this. It just consumes a lot of processor cycles:

To overcome this and speed up the overall performance of patching the Exchange server you can temporarily disable Windows Defender.

For Exchange 2016 running on Windows 2016 follow these steps:

Start | Settings | Update and Security | Windows Defender

For Exchange 2019 running on Windows 2019 follow these steps:

Start | Settings | Update and Security | Windows Security | Open Windows Security I Virus & Threat protection I Manage Settings

And switch Real-time protection to off as shown in the following screenshot:

Much easier is using PowerShell, just execute this command:

Set-MpPreference -DisableRealtimeMonitoring $True

When patching the Exchange server you will notice how much faster it will be. When patched and rebooted, enable Windows Defender by executing the following PowerShell command:

Set-MpPreference -DisableRealtimeMonitoring $False

You can check the status of Windows defender using one of the following commands:

Get-MpPreference | select DisableRealtimeMonitoring
Get-MpComputerStatus

Check the output for RealTimeProtectionEnabled, this should be set to True. As a sidenote, there is a lot of other interesting information when executing Get-MpComputerStatus for anti-malware.

OCTOBER SECURITY UPDATE FOR EXCHANGE 2013, 2016 AND 2019

On October 13, 2020 Microsoft released a security update for Exchange 2013, Exchange 2016 and Exchange 2019 that addresses the Microsoft Exchange information Disclosure Vulnerability as discussed in CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability

An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.

To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.

The security update corrects the way that Exchange handles these token validations.

Please be aware that the updates are CU specific. The fact that an update for Exchange 2013 is released indicates the importance of this Security Update.

When installing, start the Security Update from an elevated command prompt (Run As Administrator) and as always, test the security update thoroughly.

ProductKB ArticleDownload
Microsoft Exchange Server 2013 Cumulative Update 23KB4581424Security Update
Microsoft Exchange Server 2016 Cumulative Update 17KB4581424Security Update
Microsoft Exchange Server 2016 Cumulative Update 18KB4581424Security Update
Microsoft Exchange Server 2019 Cumulative Update 6KB4581424Security Update
Microsoft Exchange Server 2019 Cumulative Update 7KB4581424Security Update