This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 61%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hey All
On the back of the Hafnium threat I need to install the latest CU to be able to install the out of band patches.
We are hybrid and only use the internal exchange servers (these are on CU20) for management and the email relay for internal systems.
Never done this before.
How should I install CU23?
Do I need to prepare schema or is like any other next next update?
Anything I should be aware of?
Thanks a million guys.
Any update about this thread now?
If the suggestion below helps, please be free to mark it as an answer for helping more people.
Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.
Run each step separately:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains
Install .net 4.8
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework
Then install CU23:
https://www.microsoft.com/en-us/download/details.aspx?id=58392
Then install the security patch:
Critical Patch:
https://www.microsoft.com/en-us/download/details.aspx?id=102775
Once you are patched, you need to investigate to see if your server has been compromised and scan your server for known exploits:
Microsoft Support Emergency Response Tool (MSERT) to scan Microsoft Exchange Server
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
If you find no evidence of actual compromise, then you are probably ok, but look to getting a quality anti-malware solution for Exchange for ongoing protection.
If any of your security detections or the investigation tools results lead you to suspect that your Exchange servers have been compromised and an attacker has actively engaged in your environment, execute your Security Incident Response plans, and consider engaging experienced Incident Response assistance. It is particularly critical if you suspect that your Exchange environment is compromised by a persistent adversary that you coordinate your response using alternative communications channels as mentioned earlier in this document.
Thanks for the detailed steps - really awesome.
I noticed that the Schema has not changed since CU20, do I still need to run those 3 x commands?
This is a VM machine, would a snapshot be a good revert backup?
Thanks, M
Yes, run each command separately.
Why? :)
Because in order for Exchange to correctly stamp permission changes, PrepareAD needs to be by itself. Running each step also allows you to easily see that each step completes successfully.
As far as a snapshot, its not supported to restore an Exchange snapshot to production. You can take one, but not supported to actually use it :)
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/virtualization?view=exchserver-2019
However, virtual machine snapshots aren't application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange. As a result, making virtual machine snapshots of an Exchange guest virtual machine isn't supported.
Sorry for the delay.
This answer is spot on.
Thanks you so much for your time.
I noticed that you deployed hybrid in your organization. The attack is using 443 port, although you may restrict the IP addresses allowed to connect, I still recommend that you update Exchange to the latest CU and install the patch for safety reasons.
As the information that provided by AndyDavid, you need to install .net 4.7.2 or 4.8, then update(Double-click the installation package) Exchange 2013 to CU 23 and install the patch(Run PowerShell with administrator right, then run this patch from PowerShell).
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.