Microsoft Exchange / 2 Mars 2021 / HAFNIUM targeting Exchange Servers / Test Security Update

So this morning I tested the installation of the patch KB5000971 on exchange 2016 CU18 US version servers with reference to the Microsoft article Next: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Before that I executed on the exchange servers the famous Healthchecker that can be found on the following link. https://github.com/dpaulson45/HealthChecker#download

Who report this

Yes I know! The SMB V1 is still active which is not good. But after all it’s a mockup 😉

Concerning the patches to be applied on the Exchange 2016 CU18 servers, I have identified four of them. All four are dated March 2, 2021 and all refer to the same article 5000871.

For Exchange 2016 CU18 the article refers to the following security patch: https://www.microsoft.com/en-us/download/details.aspx?id=102773

For the other versions here are the download links.

• Download Security Update For Exchange Server 2019 Cumulative Update 8 (KB5000871)
• Download Security Update For Exchange Server 2019 Cumulative Update 7 (KB5000871)
• Download Security Update For Exchange Server 2016 Cumulative Update 19 (KB5000871)
• Download Security Update For Exchange Server 2016 Cumulative Update 18 (KB5000871)
• Download Security Update For Exchange Server 2013 Cumulative Update 23 (KB5000871)

So I installed this version

So I installed this update on Exchange 2016 CU18 US servers. The test was done on Dag servers one after the other and on servers with this configuration

NODE 1

Le déroulé de l’installation est du plus grand classique Microsoft

 

 

As you can see the patch stops the Exchange services and switches them to « disabled » as shown in the screenshot below

And with these programs

The stake seems rather long but difficult to judge on a VM machine in SSD with 4 Go of Ram . it lasted well 30 Minutes.

Once installed you will be asked to restart the server.

At the reboot … of the great classic as well

After several tens of minutes: unfortunately

The server reboot and then

After rebooting i can see that the security update has not been applied

I decided to remove Trend Microsoft Scanmail for Microsoft Exchange (IN case of) and increase the ram of the VM (12G0)

Restarting the server, All exchange services are running again and relaunch the KD update Exchange2016-KB5000871-x64-en. This time everything was a little bit faster (Thanks to 12 Go of ram) . And strangely no reboot request. I still restarted and checked the Exchange services. All was Ok

Running : [PS] C:\sources>.\HealthChecker.ps1

The result is better no ?

Let see now with the second node.

NODE 2

The Trend Micro scanmail program has been removed and the VM have 12 Go of ram

The effect of the Update is CPU important

 

Reboot is required after the installation. All exchange services are UP and all databases.

And after running the health check script, everything is good.