SenhorDolas-2197 asked

How to install Exchange CU 23?

Hey All
On the back of the Hafnium threat I need to install the latest CU to be able to install the out of band patches.
We are hybrid and only use the internal Exchange servers (these are on CU20) for management and the email relay for internal systems.
Never done this before.
How should I install CU23?
Do I need to prepare the schema, or is it like any other next-next update?
Anything I should be aware of?
Thanks a million guys.

Tags: office-exchange-server-administration, office-exchange-hybrid-itpro, office-exchange-server-itpro

@SenhorDolas-2197

Any update about this thread now?
If the suggestion below helps, please feel free to mark it as an answer to help more people.

AndyDavid answered (1 vote)

Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2013

Run each step separately:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

Install .NET 4.8
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework



Then install CU23:

https://www.microsoft.com/en-us/download/details.aspx?id=58392

Then install the security patch:

Critical Patch:
https://www.microsoft.com/en-us/download/details.aspx?id=102775


Once you are patched, you need to investigate to see if your server has been compromised and scan your server for known exploits:

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Microsoft Support Emergency Response Tool (MSERT) to scan Microsoft Exchange Server

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

If you find no evidence of actual compromise, then you are probably ok, but look to getting a quality anti-malware solution for Exchange for ongoing protection.

If any of your security detections or the investigation tools results lead you to suspect that your Exchange servers have been compromised and an attacker has actively engaged in your environment, execute your Security Incident Response plans, and consider engaging experienced Incident Response assistance. It is particularly critical if you suspect that your Exchange environment is compromised by a persistent adversary that you coordinate your response using alternative communications channels as mentioned earlier in this document.


@AndyDavid

Thanks for the detailed steps - really awesome.

I noticed that the Schema has not changed since CU20, do I still need to run those 3 x commands?
[Screenshot: schemadoc.png]

This is a VM machine, would a snapshot be a good revert backup?

Thanks, M

AndyDavid replied to SenhorDolas-2197:

Yes, run each command separately.
Why? :)

Because in order for Exchange to correctly stamp permission changes, PrepareAD needs to be by itself. Running each step also allows you to easily see that each step completes successfully.

As far as a snapshot goes, it's not supported to restore an Exchange snapshot to production. You can take one, but it's not supported to actually use it :)
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/virtualization?view=exchserver-2019

However, virtual machine snapshots aren't application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange. As a result, making virtual machine snapshots of an Exchange guest virtual machine isn't supported.



Sorry for the delay.
This answer is spot on.
Thank you so much for your time.
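
A wrapper for the "run each step separately" procedure in AndyDavid's answer, as an added example that is not part of the thread or of Microsoft's tooling: it runs one preparation switch per invocation from an elevated prompt, stops on a failed exit code, and prints the schema `rangeUpper` before and after the step, which is the value the schema question in the comments is about. The script name, the `$SetupPath` default and the non-zero-exit-means-failure check are assumptions.

```powershell
# Invoke-ExchangePrepStep.ps1 (hypothetical name). Added example, not from the thread.
# Runs ONE preparation switch per invocation; reboot before running the next one.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('PrepareSchema', 'PrepareAD', 'PrepareAllDomains')]
    [string]$Step,

    # Assumption: where the CU23 package was extracted.
    [string]$SetupPath = 'C:\ExchangeCU23\Setup.exe'
)

# The answer requires an elevated prompt; refuse to continue otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated. Start PowerShell with "Run as administrator".'
}
if (-not (Test-Path -LiteralPath $SetupPath -PathType Leaf)) {
    throw "Setup.exe not found at $SetupPath"
}

# Reads rangeUpper of ms-Exch-Schema-Version-Pt, the Exchange schema version in AD.
function Get-ExchangeSchemaVersion {
    $rootDse = [ADSI]'LDAP://RootDSE'
    $attr    = [ADSI]('LDAP://CN=ms-Exch-Schema-Version-Pt,' + $rootDse.schemaNamingContext)
    [string]$attr.rangeUpper
}

$before = Get-ExchangeSchemaVersion
Write-Host "Schema rangeUpper before /${Step}: $before"

# Same command line as in the answer, one switch only.
$setupArgs = @('/IAcceptExchangeServerLicenseTerms', "/$Step")
$proc = Start-Process -FilePath $SetupPath -ArgumentList $setupArgs -Wait -PassThru -NoNewWindow

# Assumption: Setup.exe reports failure through a non-zero exit code.
if ($proc.ExitCode -ne 0) {
    throw "/$Step failed with exit code $($proc.ExitCode). Fix this before the next step."
}

$after = Get-ExchangeSchemaVersion
Write-Host "Schema rangeUpper after  /${Step}: $after"
if ($before -eq $after) {
    Write-Host 'Schema version unchanged by this step.'
}
Write-Host "/$Step completed. Reboot, then run the next step."
```

Matching before and after values mean only that the schema version did not move; as AndyDavid's reply explains, PrepareAD is still run on its own because it stamps permission changes.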

KyleXu-MSFT answered (1 vote)

@SenhorDolas-2197

I noticed that you have deployed hybrid in your organization. The attack uses port 443. Although you may restrict the IP addresses allowed to connect, I still recommend that you update Exchange to the latest CU and install the patch for safety reasons.

Per the information provided by AndyDavid, you need to install .NET 4.7.2 or 4.8, then update Exchange 2013 to CU 23 (double-click the installation package) and install the patch (run PowerShell with administrator rights, then run the patch from PowerShell).

