How to install Exchange CU 23?

SenhorDolas 986 Reputation points
2021-03-15T16:35:49.737+00:00

Hey All
On the back of the Hafnium threat I need to install the latest CU to be able to install the out of band patches.
We are hybrid and only use the internal exchange servers (these are on CU20) for management and the email relay for internal systems.
Never done this before.
How should I install CU23?
Do I need to prepare schema or is like any other next next update?
Anything I should be aware of?
Thanks a million guys.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
6,084 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,235 questions
{count} votes

Accepted answer
  1. Andy David - MVP 109.5K Reputation points Microsoft MVP
    2021-03-15T16:57:36.997+00:00

    Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.

    https://learn.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2013

    Run each step separately:
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

    Install .net 4.8
    https://learn.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework

    Then install CU23:

    https://www.microsoft.com/en-us/download/details.aspx?id=58392

    Then install the security patch:

    Critical Patch:
    https://www.microsoft.com/en-us/download/details.aspx?id=102775

    Once you are patched, you need to investigate to see if your server has been compromised and scan your server for known exploits:

    https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

    Microsoft Support Emergency Response Tool (MSERT) to scan Microsoft Exchange Server

    https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

    https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

    If you find no evidence of actual compromise, then you are probably ok, but look to getting a quality anti-malware solution for Exchange for ongoing protection.

    If any of your security detections or the investigation tools results lead you to suspect that your Exchange servers have been compromised and an attacker has actively engaged in your environment, execute your Security Incident Response plans, and consider engaging experienced Incident Response assistance. It is particularly critical if you suspect that your Exchange environment is compromised by a persistent adversary that you coordinate your response using alternative communications channels as mentioned earlier in this document.


1 additional answer

Sort by: Most helpful
  1. KyleXu-MSFT 25,611 Reputation points
    2021-03-16T06:56:06.81+00:00

    @SenhorDolas

    I noticed that you deployed hybrid in your organization. The attack is using 443 port, although you may restrict the IP addresses allowed to connect, I still recommend that you update Exchange to the latest CU and install the patch for safety reasons.

    As the information that provided by AndyDavid, you need to install .net 4.7.2 or 4.8, then update(Double-click the installation package) Exchange 2013 to CU 23 and install the patch(Run PowerShell with administrator right, then run this patch from PowerShell).


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    No comments