Hey Lukas Sassl (Microsoft)...
Would you, or anyone on the team that publishes info for the mitigation tools, please include whether the .ps1 scripts for Exchange servers can be run in production (yes/no)? I am sure that there are some admins who cannot take a server down during production hours. If these scripts can be run on a production server while it is in use, it sure would be helpful to know!
https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/#Am_I_vulnerable_to_this_threat
Immediate temporary mitigations
The following mitigation options can help protect your Exchange Server until the necessary Security Updates can be installed. These solutions should be considered temporary, but can help enhance safety while additional mitigation and investigation steps are being completed.
- Run https://aka.ms/eomt (Recommended) – The Exchange On-premises Mitigation Tool (EOMT.ps1) mitigates CVE-2021-26855 and attempts to discover and remediate malicious files. When run, it will first check if the system is vulnerable to CVE-2021-26855 and, if so, installs a mitigation for it. It then automatically downloads and runs Microsoft Safety Scanner (MSERT). This is the preferred approach when your Exchange Server has internet access.
- Run https://github.com/microsoft/CSS-Exchange/tree/main/Security#exchangemitigationsps1 – The ExchangeMitigations.ps1 script applies mitigations but doesn’t perform additional scanning. This is an option for Exchange Servers without internet access or for customers who do not want Microsoft Safety Scanner to attempt removing malicious activity it finds.
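One way to run the two steps the quoted guidance describes as separate changes (apply the CVE-2021-26855 mitigation first, run the Microsoft Safety Scanner pass in a later window where the scan load is acceptable), from an elevated PowerShell session on the Exchange server. This is an added example; it is not part of the original post or of Microsoft's published guidance. The download location `C:\EOMT`, the log path, and the `-DoNotRunMSERT` and `-RunFullScan` switches are assumptions about where you keep the script and about EOMT.ps1's parameters; confirm the switches against the script's current README before use.

```powershell
# Added example (not from the original post). Assumes EOMT.ps1 has been
# downloaded from https://aka.ms/eomt into C:\EOMT (constructed path) and that
# the -DoNotRunMSERT and -RunFullScan switches exist as documented in the
# CSS-Exchange README at the time of use (assumption).
$eomtDir = 'C:\EOMT'
$logDir  = Join-Path $eomtDir 'logs'
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# Keep a transcript of everything the script prints, for the incident record
# and for the change ticket.
$transcript = Join-Path $logDir ('eomt-{0:yyyyMMdd-HHmmss}.log' -f (Get-Date))
Start-Transcript -Path $transcript
try {
    # Step 1: have EOMT.ps1 check for CVE-2021-26855 and apply its mitigation,
    # but skip the Safety Scanner download/run so this change stays small.
    & (Join-Path $eomtDir 'EOMT.ps1') -DoNotRunMSERT

    # Step 2 (run later, in a window where scan load is acceptable): invoke the
    # script again without the skip switch so it downloads and runs MSERT.
    # -RunFullScan requests a full rather than a quick scan (assumed switch).
    # & (Join-Path $eomtDir 'EOMT.ps1') -RunFullScan
}
finally {
    Stop-Transcript
}
```

Splitting the run this way lets you record exactly which change was made in which window; whether a given environment can absorb the scanner's load during business hours is an operational decision the script does not make for you.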