Admins who haven’t stored their stand-alone Exchange server updated with patches could have problem making use of the replace Microsoft launched per week in the past to patch the four flaws within the software program which is being actively exploited by the Chinese hacker group which is estimated to have compromised greater than 60,000 installations thus far.
Microsoft’s preliminary steering was for admins to convey their servers updated after which apply the patches, however the firm acknowledged that this can be troublesome to do in all manufacturing environments.
Microsoft has now launched patches for the four flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) which comprises no different fixes or enhancements, and that are designed to be utilized to un-updated installations of Exchange 2016 and 2019.
Admins can now set up the updates and be protected, after which convey their servers updated with common Cumulative Updates at their leisure.
Microsoft notes:
These replace packages comprise solely fixes for March 2021 CVEs (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065); no different product updates or safety fixes are included. Installing these updates does not imply an unsupported CU is now supported.Updates can be found solely by means of the Microsoft Download Center (not on Microsoft Update).We are producing updates just for some older CUs for Exchange 2016 and 2019.If you might be operating a model of Exchange not coated by these updates, take into account both rolling ahead to a CU package deal that has an relevant SU, or rolling ahead to a supported CU (most well-liked possibility). In case you might want to go ahead with CUs, please see: greatest practices for set up of Exchange updates (applies to all variations of Exchange).
A reboot is required.
Read all of the element on getting the patches at Microsoft right here.
