question

Sbastien-9090 avatar image
0 Votes"
Sbastien-9090 asked ZhengqiLou-MSFT commented

KB 5000871 Exchange Server Security Update - OWA/ECP issue

Hello,

I recently applied the KB5000871 on Exchange Server 2013 servers to patch the Exchange vulnerabilities of March 2021. After this application, I had an issue with the ECP and OWA, it was no longer accessible. I know now this is a known issue and that it happened because I didn't run the update via an elevated cmd prompt.

Then, I ran the following scripts located in the Exchange installation folder : UpdateConfigFiles.ps1 and UpdateCAS.ps1. That solved the issue : the OWA and ECP were available again.

However, I have a question : does the application of these two scripts remove the benefits of the KB (as vulnerabilities mainly affect the OWA and ECP) ?

I need to be sure that the vulnerabilities are still fixed.

Is there a Microsoft Exchange expert who could answer me ?

Thank you a lot in advance,

Sébastien

office-exchange-server-administrationoffice-exchange-server-connectivityoffice-exchange-server-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ManuPhilip avatar image
0 Votes"
ManuPhilip answered

This the known issue mentioned in the documentation here: description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b

79846-image.png

So, to install the fix successfully, Disabled UAC and ran de update as administrator.
UpdateCas.ps1 script reverts the changes made with the failed updates from the back up directory


image.png (37.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZhengqiLou-MSFT avatar image
0 Votes"
ZhengqiLou-MSFT answered ZhengqiLou-MSFT commented

Hi @Sbastien-9090 ,

No you don't have to worry about it. Since the SU has enhanced the defense of your server and the scripts won't break it.
The scripts

Also you could use the Test-ProxyLogon.ps1 to detect any potential attacker activity.
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

Regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (16.8 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Sbastien-9090 ,

Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

Regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Hi @Sbastien-9090 ,

It has been a long time since last reply, did these suggestions help you? If the above suggestion helps, please click “Accept as answer” to mark helpful reply as an answer to close this thread. Your action would be helpful to other users who encounter the same issue and read this thread.

Regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·