How to patch your Exchange server (April 2021 vulnerability)

Microsoft has released an emergency fix for Exchange 2010, 2013, 2016 and 2019.

"In April, don't shed a single layer", as the saying goes... well, be aware that a new major security vulnerability was detected and officially announced on April 13 by the NSA.

This flaw allows code execution, and therefore control of the server, over the HTTPS protocol (port 443).

To keep it simple, here is a guide to quickly patching your Exchange mail server.

Of course, if you are on Microsoft 365 (Exchange Online), you are not affected!

Prerequisites to patch your Exchange server

Update April 14, 2021

Tutorial revised with the latest KB to patch the April vulnerabilities.

It is highly recommended to upgrade to the latest rollups and then apply the KB!

Update March 19, 2021

On March 16, Microsoft released a new rollup for Exchange 2016 and Exchange 2019.

For Exchange 2016, this is Rollup 20.

For Exchange 2019, this is Rollup 9.

These rollups include the March critical vulnerability patch and fix a problem with viewing PDF files in Outlook. The flaws detected in April are not patched by them, so you must still apply the April fix (KB5001779).

To correct the flaw, your Exchange server must be version 2013, 2016 or 2019.

In addition, you must have installed the latest rollups (Cumulative Updates, generally called CU).

So here are the minimum CU levels needed to apply the patch:

  • Exchange Server 2013 (CU 23)
  • Exchange Server 2016 (CU 20 or CU 19)
  • Exchange Server 2019 (CU 9 or CU 8)

Here is the full list of Exchange updates; you will also find the links to download the cumulative updates there.

Figure: The official Exchange patch table

Step 1 – Check the version of your Exchange server

Before you start, check that your Exchange version has the minimum CU level required for the patch.

You can run this PowerShell command in the Exchange Management Shell:


Get-ExchangeServer | Format-List Name,Edition,AdminDisplayVersion

The command returns the full build number of your Exchange server (15.XX); compare this number with the list of Exchange builds on the official Microsoft page.

Figure: result of the command for my Exchange 2016 server

If your version of Exchange meets the minimum prerequisites, you can skip to step 3.

Otherwise, you must install the latest cumulative update available. For Exchange 2016 and Exchange 2019 servers, the latest cumulative update also corrects the March flaws.
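To avoid comparing build numbers by hand, here is an added example (not from the original post) that wraps the Get-ExchangeServer check above: it parses AdminDisplayVersion, identifies the product line (15.0 = 2013, 15.1 = 2016, 15.2 = 2019) and reports whether each server is on one of the CU levels listed as prerequisites. The CU build numbers in the table are assumptions taken from Microsoft's public Exchange build table, not from this page, so verify them there before relying on the result.

```powershell
# Added example, not part of the original guide. Run from the Exchange Management Shell.
# Assumption: these CU build numbers come from Microsoft's public Exchange build table;
# check them against that table before trusting the verdict.
$MinimumCu = @{
    '15.0' = @{ Product = 'Exchange 2013'; Builds = @{ 1497 = 'CU23' } }
    '15.1' = @{ Product = 'Exchange 2016'; Builds = @{ 2176 = 'CU19'; 2242 = 'CU20' } }
    '15.2' = @{ Product = 'Exchange 2019'; Builds = @{ 721 = 'CU8'; 792 = 'CU9' } }
}

function Test-ExchangeCuPrerequisite {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$AdminDisplayVersion
    )
    # AdminDisplayVersion renders as "Version 15.1 (Build 2242.4)" in the shell
    if ($AdminDisplayVersion -notmatch 'Version (\d+\.\d+) \(Build (\d+)\.(\d+)\)') {
        return [pscustomobject]@{ Name = $Name; Product = 'Unknown'; Build = $AdminDisplayVersion; Status = 'Cannot parse version' }
    }
    $branch = $Matches[1]
    $build  = [int]$Matches[2]
    $entry  = $MinimumCu[$branch]
    if (-not $entry) {
        # Only 15.0/15.1/15.2 receive KB5001779; anything else (e.g. 14.x = Exchange 2010) is out of scope
        return [pscustomobject]@{ Name = $Name; Product = 'Unsupported'; Build = $AdminDisplayVersion; Status = 'Not eligible for KB5001779' }
    }
    $cu = $entry.Builds[$build]
    $status = if ($cu) { "OK ($cu): go to step 3 and install KB5001779" }
              else     { 'Install the latest CU first (step 2)' }
    [pscustomobject]@{ Name = $Name; Product = $entry.Product; Build = $AdminDisplayVersion; Status = $status }
}

# Evaluate every server in the organisation
Get-ExchangeServer | ForEach-Object {
    Test-ExchangeCuPrerequisite -Name $_.Name -AdminDisplayVersion $_.AdminDisplayVersion.ToString()
} | Format-Table Name, Product, Build, Status -AutoSize

# Caveat: AdminDisplayVersion only reflects the CU. A security update such as KB5001779
# does not change it, so after step 3 confirm the SU on the local server through the
# ExSetup.exe file version, which is Microsoft's documented way to read the exact build.
Get-Command ExSetup.exe | ForEach-Object { $_.FileVersionInfo.FileVersion }
```

The last line is the check to run after installing the KB, since the table at the top only tells you whether the CU prerequisite is met.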

Step 2 – Install the latest cumulative Update

The cumulative update installs rather easily. You must download and install the one corresponding to the version of your Exchange server.

You must download them directly from the Microsoft site:

Please note that the patches are large because they contain all the files for a complete installation of an Exchange server!

The update is an ISO file that you need to mount; then run the setup.exe file.

Figure: contents of the Exchange ISO

Follow the setup wizard to complete the installation; nothing special to report.

Be careful: during installation the Exchange services will be stopped and your mail server will be unavailable. Finally, a restart is required.

Once restarted, your cumulative update is installed!

Step 3 – Install the Exchange patch (April 2021 vulnerability)

Be careful: even if your Exchange server has Rollup 20 (Exchange 2016) or Rollup 9 (Exchange 2019), the fix is still necessary!

Your server meets the prerequisites, so you now need to download the required update.

  • For Exchange 2013, 2016 and 2019, this is KB5001779
  • Exchange 2010 is no longer supported; its last update is KB5000978

A quick link to download the fix is available here:

Figure: Diagram of the Exchange update for April 2021 (source Microsoft)

Depending on the version of your Exchange server AND the Cumulative Update installed, the download links are different. Here is the list of patches to correct the March 2021 Exchange vulnerability.

Exchange 2019 Patches

Exchange 2016 Patches

Exchange 2013 Patches

Exchange 2010 Patches (only for the March 2021 vulnerability)

Once the file has been downloaded, follow the wizard to install the patch. A restart is necessary.

Figure: Beginning of installation of the April 2021 hotfix for Exchange

Well done you patched your Exchange server!

Full source and official Microsoft documentation:
