Microsoft has just released a critical out-of-band Security Update for all Exchange Server versions, referred to as the March 2021 Security Update for Exchange Server. It is highly recommended to apply this Security Update to all your Exchange Servers as soon as possible.
Installing the Security Update
To apply the new Security Update (KB5000871), the Exchange Servers need to be on the latest Cumulative Update (CU) or, for Exchange 2010, Rollup Update (RU).
The Security Update is available for the following Exchange Server versions – with download links:
- Exchange 2019 CU8 & Exchange 2019 CU7
- Exchange 2016 CU19 & Exchange 2016 CU18
- Exchange 2013 CU23
- Exchange 2010 SP3 – RU32
Download the Security Update for the specific version your Exchange Servers are running.
So if your Exchange Servers are not on one of the above Exchange versions, you need to update them first before you can install the Security Update.
To install the Security Update, run the installer from an elevated command prompt to prevent issues during installation.
My experience with installing the Security Update is that it can take anything between 15 minutes and 1 hour to apply, depending on the server and Exchange version.
Remember to restart your servers after applying each update.
Jeff Guillet has also made a good blog post on how to update:
Official Information about the vulnerability and the update
Microsoft EMEA held a webcast about the Out-of-Band update and the incident, which can be found here:
The slide deck from the webcast, with info and instructions can be found here:
The official Exchange Team Blog post about the Security Update:
Read more in this Microsoft blog post about how to detect the vulnerability using Endpoint Defender or Azure Sentinel:
There is already a ton of great information available. For further information on the actual vulnerability, some of these great resources are:
- https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/
- https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
- https://isc.sans.edu/diary/rss/27164
Confirm Security Update Install
If you want to confirm that the Security Update (KB5000871) has been installed on all the Exchange Servers in your environment, you can run the following PowerShell from the Exchange Management Shell:
Get-ExchangeServer | % { Invoke-Command -ComputerName $_.name -ScriptBlock { Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -like "*KB5000871*" }}} | select pscomputername, Displayname | sort pscomputername | ft
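The one-liner above only lists servers where the update is found, so a server that is unpatched or cannot be reached simply does not appear in the output. The following is an added example (not part of the original post) that reports a status for every server returned by Get-ExchangeServer. It assumes PowerShell remoting works to each server and that the update registers under the same Uninstall registry key used in the command above.

```powershell
# Added example: report KB5000871 status for every Exchange server,
# including servers where it is missing or that could not be queried.
# Run from the Exchange Management Shell with rights to remote into each server.
$kb = 'KB5000871'

$report = foreach ($server in Get-ExchangeServer) {
    $status = 'MISSING'
    $detail = $null
    try {
        # Same registry lookup as the one-liner above, executed on the remote server.
        # -ErrorAction Stop turns a failed remoting connection into a catchable error.
        $hit = Invoke-Command -ComputerName $server.Name -ErrorAction Stop -ArgumentList $kb -ScriptBlock {
            param($pattern)
            Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
                Where-Object { $_.DisplayName -like "*$pattern*" } |
                Select-Object -First 1 -ExpandProperty DisplayName
        }
        if ($hit) {
            $status = 'Installed'
            $detail = $hit
        }
    }
    catch {
        # Could not query the server: record it as unknown instead of skipping it.
        $status = 'UNREACHABLE'
        $detail = $_.Exception.Message
    }

    New-Object psobject -Property @{
        Server  = $server.Name
        Version = $server.AdminDisplayVersion
        Status  = $status
        Detail  = $detail
    }
}

# Full report, one row per server.
$report | Sort-Object Status, Server | Format-Table Server, Version, Status, Detail -AutoSize

# Names of servers that still need attention (not confirmed as patched).
$report | Where-Object { $_.Status -ne 'Installed' } | ForEach-Object { $_.Server }
```

Any server listed as MISSING or UNREACHABLE should be checked by hand before you consider the environment patched.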
Mitigation
Microsoft has posted some great information on mitigation of the vulnerability here: