The FINAL list of all security updates (SU) released for older CU releases:
3/16/2021 released update for: E2013 SP1
3/11/2021 released updates for: E2019 RTM, CU1 and CU2. E2016 CU8, CU9, CU10 and CU11.
3/10/2021 released updates for: E2019 CU3. E2016 CU12, CU13 and CU17. E2013 CU21 and CU22.
3/8/2021 released updates for: E2019 CU4, CU5 and CU6. E2016 CU14, CU15 and CU16.
To help customers more quickly protect their environments in light of the March 2021 Exchange Server Security Updates, Microsoft is producing an additional series of security updates (SUs) that can be applied to some older (and unsupported) Cumulative Updates (CUs). The availability of these updates does not mean that you don’t have to keep your environment current. This is intended only as a temporary measure to help you protect vulnerable machines right now. You still need to update to the latest supported CU and then apply the applicable SUs. If you are already mid-update to a later CU, you should continue with that update.
With these new updates, you will have a new path you can take:
IMPORTANT: You must install .msp updates from elevated command prompt (see Known Issues in the update KB article)
These additional updates are available in KB5000871.
If you install these additional updates, please ensure that you continue to bring your Exchange environment to supported state as soon as possible. Our original announcement Released: March 2021 Exchange Server Security Updates contains information and resources that can help you plan your updates, troubleshoot problems, and help you with mitigations, investigation, and remediation of the vulnerabilities.
To aid defenders in investigating these attacks where Microsoft security products and tooling may not be deployed, we are releasing a feed of observed indicators of compromise (IOCs). The feed of malware hashes and known malicious file paths observed in related attacks is available in both JSON and CSV formats at the below GitHub links. This information is being shared as TLP:WHITE.
Please keep checking this blog post for any related updates.
The Exchange Team
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.