{"id":912,"date":"2021-03-11T15:20:19","date_gmt":"2021-03-11T20:20:19","guid":{"rendered":"https:\/\/itblog.ldlnet.net\/?p=912"},"modified":"2021-03-11T15:20:19","modified_gmt":"2021-03-11T20:20:19","slug":"support-announcement-march-2021-exchange-server-security-updates-for-older-cumulative-updates-of-exchange-server","status":"publish","type":"post","link":"https:\/\/itblog.ldlnet.net\/index.php\/2021\/03\/11\/support-announcement-march-2021-exchange-server-security-updates-for-older-cumulative-updates-of-exchange-server\/","title":{"rendered":"Support Announcement: March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server"},"content":{"rendered":"\n<p>There was a zero day threat in Exchange recently and I wanted to put out this update that I received from the Microsoft team so that it would be available to my followers and readers. I will try to keep this updated as much as I can as I am not updating my blog as much with my current projects taking up most of my time. Thanks to everyone and keep in touch!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p>To help customers more quickly protect their environments in light of the&nbsp;<a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Freleased-march-2021-exchange-server-security-updates%2Fbc-p%2F2188142&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889300559%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=PXuU7Hi1T5MxQ8J4FwKYHNdczQJzmZSKN3LOqP2tfxw%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">March 2021 Exchange Server Security Updates<\/a>, Microsoft is producing an additional series of security updates (SUs) that can be applied to some older (and unsupported) Cumulative Updates (CUs). 
The availability of these updates does not mean that you don\u2019t have to keep your environment current.&nbsp;<strong><em>This is intended only as a temporary measure to help you protect vulnerable machines right now. You still need to update to the latest supported CU and then apply the applicable SUs.<\/em><\/strong>&nbsp;If you are already mid-update to a later CU, you should continue with that update.<\/p>\n\n\n\n<p>With these new updates, you will have a new path you can take:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"999\" height=\"452\" src=\"https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2021\/03\/CU3-21Update.jpg\" alt=\"\" class=\"wp-image-913\" srcset=\"https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2021\/03\/CU3-21Update.jpg 999w, https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2021\/03\/CU3-21Update-300x136.jpg 300w, https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2021\/03\/CU3-21Update-768x347.jpg 768w\" sizes=\"auto, (max-width: 999px) 100vw, 999px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What are these updates?&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>These update packages contain&nbsp;<strong>only<\/strong>&nbsp;fixes for March 2021 CVEs (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065);&nbsp;<strong><em>no other product updates or security fixes are included.&nbsp;<\/em><\/strong>Installing these updates does&nbsp;<em>not<\/em>&nbsp;mean an unsupported CU is now supported.<\/li><li>Updates are available only through the Microsoft Download Center (not on Microsoft Update).<\/li><li>We are producing updates only for&nbsp;<strong>some<\/strong>&nbsp;older CUs for Exchange 2016 and 2019.<\/li><li>If you are running a version of Exchange not covered by these updates, consider either rolling forward to a CU package that has an applicable SU, or rolling forward to a supported CU (preferred option). 
In case you need to go forward with CUs, please see:&nbsp;<a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fplan-and-deploy%2Finstall-cumulative-updates&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889300559%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=JC5fFp5g5VjNgbxK5mpJJkhOaxAOjvzRV5ZnY0%2Bn4ws%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">best practices for installation of Exchange updates<\/a>&nbsp;(applies to all versions of Exchange).<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About installation of these updates<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>These updates&nbsp;<strong>must<\/strong>&nbsp;be installed from an elevated command prompt:<ol start=\"1\" type=\"1\"><li>Download the update but&nbsp;<strong>do not<\/strong>&nbsp;run it immediately.<\/li><li>Select&nbsp;<strong>Start<\/strong>, and type CMD.<\/li><li>In the results, right-click&nbsp;<strong>Command Prompt<\/strong>, and then select&nbsp;<strong>Run as administrator<\/strong>.<\/li><li>If the User Account Control dialog box appears, choose&nbsp;<strong>Yes<\/strong>, and then select&nbsp;<strong>Continue<\/strong>.<\/li><li>Type the full path of the .msp file, and then press&nbsp;<strong>Enter<\/strong>.<\/li><\/ol><\/li><li>Installing the SUs mentioned here and then installing a later CU&nbsp;<strong>will<\/strong>&nbsp;make the server vulnerable to exploits again until the CU you install contains the March 2021 security fixes (Exchange 2016 CU 20 and Exchange 2019 CU 9 \u2013 and newer \u2013 will include March 2021 security updates).<\/li><li>Installing updates
requires a reboot (even if not prompted). The server will not be protected until after the reboot.<\/li><li>After installing one of these updates, you might see older Exchange security updates for your older CU available for download from Microsoft Update. Install the older security update from Microsoft Update and your servers will stay protected (for the 4 CVEs mentioned before).<\/li><li>If you run into issues after installation, please see&nbsp;<a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Faka.ms%2Fexupdatefaq&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889310518%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=vjKyKxFcRJT%2FHigVrN6X5KxSIBI19T%2BK3x%2FbZ5%2F%2BoI8%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aka.ms\/exupdatefaq<\/a>&nbsp;first. You can also uninstall these updates (using Add\/Remove Programs) if needed.<\/li><\/ul>\n\n\n\n<p>These additional updates are about to be available in&nbsp;<a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fdescription-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889310518%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=b2Qlb4vsRsXetoPlvp%2BJU6HiIw74ImY8m7dcz%2Ff0FlI%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">KB5000871<\/a>.<\/p>\n\n\n\n<p><strong>IMPORTANT:<\/strong>&nbsp;You&nbsp;<em>must<\/em>&nbsp;install .msp updates from an elevated command prompt (see Known Issues in the update KB article).<\/p>\n\n\n\n<p>If you install these additional updates,
please ensure that you continue to bring your Exchange environment to a supported state as soon as possible. Our original announcement&nbsp;<a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Freleased-march-2021-exchange-server-security-updates%2Fbc-p%2F2194515&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889310518%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=l%2FvrFyNo60TPa1I4QRV%2B3p%2FTNBLjWm44wnexv36%2BIgs%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">Released: March 2021 Exchange Server Security Updates<\/a>&nbsp;contains information and resources that can help you plan your updates, troubleshoot problems, and help you with mitigations, investigation, and remediation of the vulnerabilities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Additional news about investigations<\/h2>\n\n\n\n<p>To aid defenders in investigating these attacks where Microsoft security products and tooling may not be deployed, we are releasing a feed of observed indicators of compromise (IOCs). The feed of malware hashes and known malicious file paths observed in related attacks is available in both JSON and CSV formats at the below GitHub links.
This information is being shared as TLP:WHITE.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSample%2520Data%2FFeeds%2FMSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.csv&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889320470%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=NP1kg5cOfTfPpcKIIMOJCqgMivzCfqI51o2Xvbxk0MI%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">CSV format<\/a><\/li><li><a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSample%2520Data%2FFeeds%2FMSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889320470%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=vASZMoU5Q1yLD50SbAhDc%2B7IGEQ6LGx4CUYctQIE1mQ%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">JSON format<\/a><\/li><\/ul>\n\n\n\n<p>Please keep checking the below blog post for any related updates.<\/p>\n\n\n\n<p>The Exchange Team<\/p>\n\n\n\n<p>REFERENCES:<br><a
href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fmarch-2021-exchange-server-security-updates-for-older-cumulative%2Fba-p%2F2192020&amp;data=04%7C01%7Cgeraldr%40microsoft.com%7C660ae7d283a441d19ee308d8e2b85f04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637508628889330419%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=cPapUFwgv%2B4eOVzntEWZJL2A8rYq0lgtBMRTlX%2FoyNE%3D&amp;reserved=0\">March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server &#8211; Microsoft Tech Community<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There was a zero day threat in Exchange recently and I wanted to put out this update that I received from the<\/p>\n<p class=\"link-more\"><a class=\"myButt \" href=\"https:\/\/itblog.ldlnet.net\/index.php\/2021\/03\/11\/support-announcement-march-2021-exchange-server-security-updates-for-older-cumulative-updates-of-exchange-server\/\">Read 
More<\/a><\/p>\n","protected":false},"author":1,"featured_media":161,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,2,266],"tags":[9,149,151,278,279,122],"class_list":["post-912","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exchange","category-general","category-security-and-compliance","tag-exchange","tag-exchange-2016","tag-exchange-2019","tag-hotfix","tag-patching","tag-updates","odd"],"_links":{"self":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/comments?post=912"}],"version-history":[{"count":2,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/912\/revisions"}],"predecessor-version":[{"id":915,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/912\/revisions\/915"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media\/161"}],"wp:attachment":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media?parent=912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/categories?post=912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/tags?post=912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}