So this morning I tested the installation of the patch KB5000971 on exchange 2016 CU18 US version servers with reference to the Microsoft article Next: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Before that I executed on the exchange servers the famous Healthchecker that can be found on the following link. https://github.com/dpaulson45/HealthChecker#download
Who report this
Yes I know! The SMB V1 is still active which is not good. But after all it’s a mockup 😉
Concerning the patches to be applied on the Exchange 2016 CU18 servers, I have identified four of them. All four are dated March 2, 2021 and all refer to the same article 5000871.
For Exchange 2016 CU18 the article refers to the following security patch: https://www.microsoft.com/en-us/download/details.aspx?id=102773
For the other versions here are the download links.
Download Security Update For Exchange Server 2019 Cumulative Update 8 (KB5000871)
Download Security Update For Exchange Server 2019 Cumulative Update 7 (KB5000871)
Download Security Update For Exchange Server 2016 Cumulative Update 19 (KB5000871)
Download Security Update For Exchange Server 2016 Cumulative Update 18 (KB5000871)
Download Security Update For Exchange Server 2013 Cumulative Update 23 (KB5000871)
So I installed this version
So I installed this update on Exchange 2016 CU18 US servers. The test was done on Dag servers one after the other and on servers with this configuration
NODE 1
Le déroulé de l’installation est du plus grand classique Microsoft
As you can see the patch stops the Exchange services and switches them to « disabled » as shown in the screenshot below
And with these programs
The stake seems rather long but difficult to judge on a VM machine in SSD with 4 Go of Ram . it lasted well 30 Minutes.
Once installed you will be asked to restart the server.
At the reboot … of the great classic as well
After several tens of minutes: unfortunately
The server reboot and then
After rebooting i can see that the security update has not been applied
I decided to remove Trend Microsoft Scanmail for Microsoft Exchange (IN case of) and increase the ram of the VM (12G0)
Restarting the server, All exchange services are running again and relaunch the KD update Exchange2016-KB5000871-x64-en. This time everything was a little bit faster (Thanks to 12 Go of ram) . And strangely no reboot request. I still restarted and checked the Exchange services. All was Ok
Running : [PS] C:\sources>.\HealthChecker.ps1
The result is better no ?
Let see now with the second node.
NODE 2
The Trend Micro scanmail program has been removed and the VM have 12 Go of ram
The effect of the Update is CPU important
Reboot is required after the installation. All exchange services are UP and all databases.
And after running the health check script, everything is good.