These updates are available for the following specific builds of Exchange Server:<\/p>\n\n\n\n
IMPORTANT:<\/strong> If manually installing security updates, you must<\/em> install .msp from elevated command prompt (see Known Issues in update KB article).<\/p>\n\n\n\n Vulnerabilities addressed in the April 2021 security updates were responsibly reported to Microsoft by a security partner. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.<\/p>\n\n\n\n These vulnerabilities affect Microsoft Exchange Server. Exchange Online customers are already protected and do not need to take any action.<\/p>\n\n\n\n For additional information, please see the Microsoft Security Response Center (MSRC) blog<\/a>. More details about specific CVEs can be found in Security Update Guide<\/a> (filter on Exchange Server under Product Family).<\/p>\n\n\n\n Two update paths are:<\/p>\n\n\n\n Use the Exchange Server Health Checker script<\/a>, which can be downloaded from GitHub (use the latest release), to inventory your servers. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs and SUs).<\/p>\n\n\n\n Go to https:\/\/aka.ms\/ExchangeUpdateWizard<\/a> and choose your currently running CU and your target CU. Then click the \u201cTell me the steps\u201d button, to get directions for your environment.<\/p>\n\n\n\n Make sure to follow the ExchangeUpdateWizard<\/a> instructions and best practices for installation of updates<\/a> carefully, including when to install using elevated command prompt. If you encounter errors during or after installation, see Repair failed installations of Exchange Cumulative and Security updates<\/a>.<\/p>\n\n\n\n My organization is in Hybrid mode with Exchange Online. Do I need to do anything?<\/strong><\/em> Do the April 2021 security updates contain the March 2021 security updates for Exchange Server?<\/strong><\/em> Is Microsoft planning to release April 2021 security updates for older (unsupported) versions of Exchange CUs?<\/strong><\/em> Can we use March 2021 mitigation scripts (like EOMT) as a temporary solution?<\/strong><\/em> Do I need to install the updates on \u2018Exchange Management Tools only\u2019 workstations?<\/strong><\/em> Why are there security updates two months in a row?<\/strong><\/em> Is there no update for Exchange Server 2010?<\/strong><\/em> Is there a specific order of installation for the April 2021 security updates?<\/strong><\/em> REFERENCES:<\/em><\/strong> Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 These updates are available<\/p>\n![\"\"](\"https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2021\/04\/CU9-AprilUpdate.jpg\")
Inventory your Exchange Servers<\/h2>\n\n\n\n
Update to the latest Cumulative Update<\/h2>\n\n\n\n
![\"\"](\"https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2021\/04\/CU9-AprilUpdate2.jpg\")
<\/figure><\/div>\n\n\n\nIf you encounter errors during or after installation of Exchange Server updates<\/h2>\n\n\n\n
FAQs<\/h1>\n\n\n\n
While Exchange Online customers are already protected, the April 2021 security updates do need to be applied to your on-premises Exchange Server, even if it is used only for management purposes. You do not<\/em> need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.<\/p>\n\n\n\n
Yes, our security updates are cumulative. Customers who installed the March 2021 security updates for supported CUs can install the April 2021 security updates and be protected against the vulnerabilities that were disclosed during both months. If you are installing an update manually, do not double-click on the .msp file, but instead run the install from an elevated CMD prompt.<\/p>\n\n\n\n
No, we have no plans to release the April 2021 security updates for older or unsupported CUs. In March, we took unprecedented steps and released SUs for unsupported CUs because there were active exploits in the wild. You should update your Exchange Servers to supported CUs and then install the SUs. There are 47 unsupported CUs for the affected versions of Exchange Server, and it is not sustainable to release updates for all of them. We strongly recommend that you keep your environments current.<\/p>\n\n\n\n
The vulnerabilities fixed in the April 2021 updates are different from those we fixed before. Therefore, running March 2021 security tools and scripts will not<\/em> mitigate the vulnerabilities fixed in April 2021. You should update your servers as soon as possible.<\/p>\n\n\n\n
<\/em><\/strong>Servers or workstations running only Microsoft Exchange Management Tools (no Exchange services) do not need to apply these updates.<\/p>\n\n\n\n
Microsoft regularly releases Exchange Server security updates on \u2018patch Tuesday\u2019. We are always looking for ways to make Exchange Server more secure. You should expect us to continue releasing updates for Exchange Server in the future. The best way to be prepared for new updates is to keep your environment current.<\/p>\n\n\n\n
<\/em><\/strong>No, Exchange 2010 is not affected by the vulnerabilities fixed in the April 2021 security updates.<\/p>\n\n\n\n
We recommend that you update all on-premises Exchange Servers with the April 2021 security updates using your usual update process.<\/p>\n\n\n\n
Released: April 2021 Exchange Server Security Updates – Microsoft Tech Community<\/a>
April 2021 Update Tuesday packages now available \u2013 Microsoft Security Response Center<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"