1,452 questions
No, you can't install an older patch. I would suggest you follow the advice for that vulnerability if you want to fix:
What happen about this? Please suggestion!
Tanisorn Sowudomsilp
251
Reputation points
Dear All,
Last Friday, I have updated latest SU as the security update for Microsoft Exchange Server 2019, 2016, and 2013: February 14, 2023 (KB5023038) for all Exchange Servers but today I still get the Exchange Server Vulnerability "CVE-2021-34473" and "CVE-2021-31206" notification from Trend Micro product please see the picture below, latest SU no fix these CVEs?
Thank you very much,
Tanisorn.
Exchange | Exchange Server | Other
Exchange | Exchange Server | Development
587 questions
Exchange | Exchange Server | Management
7,925 questions
{count} votes
-
Tanisorn Sowudomsilp 251 Reputation points
2023-02-22T04:23:44.5233333+00:00 If I installed the latest SU, I need Install this SU? The latest SU does not include these "CVE-2021-34473" and "CVE-2021-31206" issues? I found this word that still is it correct?
"Note: The Exchange Server Security Updates are cumulative. If you are running the CU that the SU can be installed on, you do not need to install all the SUs in sequential order but can install the latest SU only"
Please suggestion me?
Thank you very much.
Sign in to comment
Accepted answer
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2023-02-22T14:21:55.53+00:00 -
Tanisorn Sowudomsilp 251 Reputation points
2023-02-22T16:04:16.34+00:00 Hi Andy David,
I confuse that why the latest SU does not include all existing vulnerabilities?
Can I uninstall the latest SU?
Thank you so much,
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2023-02-22T16:41:03.4233333+00:00 Hi, the ones still showing as active require some manual intervention. The instructions show how to fix:
-
Tanisorn Sowudomsilp 251 Reputation points
2023-02-22T16:58:32.68+00:00 Hi, Andy David,
Thank you very much for your suggestion but I have a little question to ask you regarding the wildcard certificate can use with the "domain.mail.xxx.com"?
For example:
- I assume my domain is test.com and I use wildcard certificate is *.test.com.
- After do by your suggestion link, can I use the domain.mail.test.com with the wildcard certificate? or only change to SAN certificate?
Thank you very much,
Tanisorn
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff2023-02-28T05:38:38.3833333+00:00 Please also understand that in order to solve the problem quickly, and in order to make each case clearer for other forum users, we usually focus on one issue in one post.
If Andy’s reply was helpful, you can click the "Accept Answer" button under his post to close this thread.
If you need further assistance with certificates, we recommend that you open a new post on the appropriate forum.
Thank you for your understanding and support.
Sign in to comment -
2 additional answers
Sort by: Most helpful
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2023-02-22T12:37:12.56+00:00 There was a known issue with the initial offered SU, you may want to download it again and reinstall
-
Tanisorn Sowudomsilp 251 Reputation points
2023-02-22T13:27:26.2033333+00:00 Hi Andy David,
I manual download and install it on 17-Feb-2023 from https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-february-14-2023-kb5023038-2e60d338-dda3-46ed-aed1-4a8bbee87d23
Not update from Windows update! sir.
Is it possible that the latest SU does not include these "CVE-2021-34473" and "CVE-2021-31206" issues?
Can I install old patch of KB5004778 and KB5019758?
Thank you very much,
Tanisorn
Sign in to comment -
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2023-02-22T13:35:52.02+00:00 CVE-2021-31206 is old though right?
Run the health checker against your servers instead to verify you are up to date:
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
If it says you are good, then you are ok and the Trend Micro stuff is wrong.
-
Tanisorn Sowudomsilp 251 Reputation points
2023-02-22T13:54:13.85+00:00 Yes, sir.
It is old patch, but if I run HealthChecker.ps1 then the report still shows vulnerability of CVE-2021-34473" and "CVE-2021-31206. What should I do next to? reinstall latest patch again?
Thanks,
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2023-02-22T13:56:55.5+00:00 Can you post where it says that in the health checker? If you are running the latest SU you should be covered
-
Tanisorn Sowudomsilp 251 Reputation points
2023-02-22T14:17:19.03+00:00 Hi Andy David,
Another my customer is the issue same too. please see the picture below,
I Install latest security patch "14-Feb-2023" after ran the healthCheck.ps1 that the result shows vulnerability of CVE-2022-24516, CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-30134. What should I do? Install old patch?
These CVE-2022-24516, CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-30134. are old patch see picture below,
Sign in to comment -