“We’ve said it before, we’re saying it now, and we’ll keeping saying it: It is critical to keep your Exchange servers updated.”
Microsoft is reminding admins once again not only to stay current on the latest Cumulative Update (CU) and Security Update (SU) on all Exchange servers, but to also perform manual tasks to harden the servers’ environment. The Exchange Team recommended enabling Extended Protection and enabling certificate signing of PowerShell serialization payloads.
The Redmond Giant went on to say: “To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU (as of this writing, CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013”
After installing the updates, Microsoft recommends administrators run the Health Checker PowerShell script to make sure there are no additional tasks that need to be performed manually.
Microsoft recommends the following steps when updating Exchange Server:
- Be sure to always read our blog post announcements, noting known issues and recommended or required manual actions. For CUs, always follow our guidance and best practices, and for SUs, use the Security Update Guide to find relevant information.
- Be sure to review our update FAQ in the article Why Exchange Server Updates Matter.
- Use the Exchange Server Health Checker to inventory your servers and see which Exchange servers need updates (CUs or SUs), and if any manual action needs to be taken.
- Once you know what updates are needed, use the Exchange updates step-by-step guide (aka the Exchange Update Wizard) to choose your currently running CU and your target CU and get directions for updating your environment.
- If you encounter errors during update installation, the SetupAssist script can help troubleshoot them. And if something does not work properly after updates, have a look at the Update Troubleshooting Guide, which covers the most common issues and how to resolve them.
- Be sure to install any necessary updates for Windows Server and other software that might be running on your Exchange server(s).
- Be sure to install any necessary updates on dependency servers, including Active Directory, DNS, and other servers used by Exchange.
Keeping your Exchange environment secure is critical and an ongoing process. We’ve put together a list of 10 steps to help you secure your Exchange server.
Reach out to Messageware to improve Microsoft Exchange Server Security
If you are not protecting all the protocols used by your Exchange Server, you’re putting your company at a higher risk of a data breach.
Security incidents happen frequently. They cause disruption, loss of data and potentially risk the reputation of your company. However, if you implement these steps, you’re doing more than most other companies.