A Microsoft Exchange vulnerability has been in the news for the last few weeks, and today the Exchange PG released the Cumulative Updates early. This update is for pretty much all supported versions of Exchange Server.
The KB articles that describe the fixes in each release and product downloads are available as follows:
- Exchange Server 2019 Cumulative Update 1 (KB4471391), VLSC Download
- Exchange Server 2016 Cumulative Update 12 (KB4471392), Download, UM Lang Packs
- Exchange Server 2013 Cumulative Update 22 (KB4345836), Download, UM Lang Packs
- Exchange Server 2010 Service Pack 3 Update Rollup 26 (KB4487052), Download, also available on Microsoft Update
What is the common fix in these updates?
- 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
This particular fix applies to the CUs for all Exchange Server versions. No matter which version of Exchange Server you are running, the fix is available in the corresponding CU, as listed below.
This change in behavior becomes effective in the following Exchange releases:
- Exchange Server 2019 – Cumulative Update 1
- Exchange Server 2016 – Cumulative Update 12
- Exchange Server 2013 – Cumulative Update 22
- Exchange Server 2010 – Update Rollup 26
How to Deploy
There is no special requirement. If you deploy the CU, put your servers into maintenance mode first, or you can run /PrepareAD from the binaries. And don't forget to test, test and test in your lab first.
“In order to apply these changes, a directory admin will need to run the cumulative update setup program with the /PrepareAD parameter. When multiple Exchange versions co-exist in a single Active Directory forest, the cumulative update matching the latest version of Exchange deployed should be used to run /PrepareAD. Setup will automatically run /PrepareDomain in the domain where /PrepareAD is executed. Environments with multiple domains in the forest will need to run the cumulative update setup program using the /PrepareDomain parameter in all domains in the forest. These steps will update the rights granted to Exchange Servers in the Active Directory to meet the new permissions scope. More information on /PrepareAD and /PrepareDomain is available at this link.”
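The sequence described in the quote above (one /PrepareAD run, then /PrepareDomain in every other domain of the forest) can be scripted as below. This is an added example, not code from Microsoft or from the original post; it assumes `$SetupPath` points to Setup.exe from the CU matching the latest Exchange version in the forest, and that the `/IAcceptExchangeServerLicenseTerms` switch applies to these CU releases.

```powershell
# Added example. Run it with -WhatIf first to list the planned Setup.exe calls.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: full path to Setup.exe on the extracted CU media
    [Parameter(Mandatory)][string]$SetupPath
)

# License switch assumed for the CU releases listed on this page
$license = '/IAcceptExchangeServerLicenseTerms'

function Invoke-ExchangeSetup {
    param([string[]]$Arguments)
    # Run setup and stop the whole sequence on the first failure
    $p = Start-Process -FilePath $SetupPath -ArgumentList $Arguments `
                       -Wait -PassThru -NoNewWindow
    if ($p.ExitCode -ne 0) {
        throw "Setup.exe $($Arguments -join ' ') failed with exit code $($p.ExitCode)"
    }
}

$forest      = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$localDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name

# /PrepareAD is run once; setup also prepares the domain it is executed in
if ($PSCmdlet.ShouldProcess($forest.Name, 'Setup.exe /PrepareAD')) {
    Invoke-ExchangeSetup -Arguments '/PrepareAD', $license
}

# Every remaining domain in the forest needs its own /PrepareDomain run
foreach ($domain in $forest.Domains) {
    if ($domain.Name -ieq $localDomain) { continue }   # already covered by /PrepareAD
    if ($PSCmdlet.ShouldProcess($domain.Name, 'Setup.exe /PrepareDomain')) {
        Invoke-ExchangeSetup -Arguments "/PrepareDomain:$($domain.Name)", $license
    }
}
```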