It's been three weeks since Microsoft's announcement and I am still running across clients who are vulnerable to the current on-premise Exchange server exploits. Not surprisingly, perhaps, many of these same clients are also behind on their Exchange updates and this raised the bar required to remediate the vulnerabilities.
The good news Microsoft has released a Security Update (SU) for those Exchange servers that may be behind in Cumulative Updates (CU). Though not the preferred solution these patches offer a more immediate path to temporarily address current vulnerability while it is actively under exploit by purveyors of Cryptoware. You can find information about these updates in the Microsoft Exchange Blog post here.
Some important bullets from the Microsoft article:
About installation of these updates:
- These updates must be installed from an elevated command prompt:
- Download the update but do not run it immediately.
- Temporarily disable file-level antivirus software.
- Select Start, and type CMD.
- In the results, right-click Command Prompt, and then select Run as administrator.
- If the User Account Control dialog box appears, choose Yes, and then select Continue.
- Type the full path of the .msp file, and then press Enter.
- After the installation is finished, re-enable the antivirus software, and then restart the computer. (You might be prompted by the installer to restart.)
- Installing the SUs mentioned here and then installing a later CU will make the server vulnerable to exploits again until the CU you install contains the March 2021 security fixes (Exchange 2016 CU 20 and Exchange 2019 CU 9 – and newer – include March 2021 security updates).
- Installing updates requires a reboot (even if not prompted). The server will not be protected until after the reboot.
- After installing one of these updates, you might see older Exchange security updates for your older CU available for download from Microsoft Update. Install the older security update from Microsoft Update and your servers will stay protected (for 4 CVEs mentioned before).
- If you run into issues after installation, please see aka.ms/exupdatefaq first. You can also uninstall these updates (using Add/Remove Programs) if needed.
These additional updates are available in KB5000871