[German]Microsoft had delayed the quarterly cumulative updates for Exchange Server, which actually come out on the third Tuesday of each month, to the end of the month (see info June 2021 Cumulative Update for Exchange Server postphoned). However, as of June 29, 2021, the quarterly cumulative updates (CUs) for Exchange Server have now been released. There are updates for Exchange Server 2016 and for Exchange Server 2019.
Microsoft announced the release in the Techcommunity post Released: June 2021 Quarterly Exchange Updates. These updates (CUs) include fixes for customer-reported issues, all previously released security updates, and a new security feature.
Here are the KB articles that describe the fixes in each release, and the product downloads include:
- Exchange Server 2019 Cumulative Update 10 (KB5003612), VLSC Download, Download
- Exchange Server 2016 Cumulative Update 21 (KB5003611), Download, UM Lang Packs
A full list of fixes is included in the KB article for each CU. These updates include schema and directory changes and therefore require administrators to prepare Active Directory (AD) and all domains (more information is available here). Schema changes can be tracked here. Best practices for a successful installation can be found in this document.
Note: Customers in Exchange hybrid deployments and those using Exchange Online archiving with an on-premises Exchange deployment must deploy a supported CU for the product version being used.
Recommendations from Microsoft
Microsoft recommends all customers test deploying an update in their lab environment to determine the correct installation process for your production environment. If updating from an older version of the CU, Microsoft recommends reading the Exchange Update Wizard zu for detailed steps.
To avoid installation issues, administrators should also ensure that the Windows PowerShell script execution policy is set to “Unrestricted” on the server being updated or installed. To verify the policy settings, run PowerShell’s Get-ExecutionPolicy cmdlet on the computer being upgraded. If the policy is NOT set to Unrestricted, use these steps to adjust the settings.
Exchange Server AMSI Integration
The June 2021 CUs include a new Exchange Server integration with AMSI (Antimalware Scan Interface) – Microsoft had announced this in this blog post. The AMSI integration in Exchange Server provides an AMSI-enabled antivirus/antimalware solution the ability to scan content in HTTP requests sent to Exchange Server and block a malicious request before it is processed by Exchange Server. The scan is performed in real-time by any AMSI-enabled antivirus/antimalware solution running on Exchange Server as soon as the server starts processing the request. This provides automatic mitigation and protection that complements the existing anti-malware protection in Exchange Server to make your Exchange servers more secure.
AMSI is present in Windows Server 2016 and Windows Server 2019, and the new integration is available in Exchange 2016 and Exchange 2019 when running on either of these operating systems. For Exchange 2016, the AMSI integration is available only when running on Windows Server 2016. It is not available for Exchange 2016 running on Windows Server 2012 or Windows Server 2012 R2.
Note: Because some customers are changing the web.config file on their Exchange Server, Microsoft informs that when the June 2021 CUs are installed, a new section will be added to the web.config of each HTTP service under <Module>. The entry will be named “HttpRequestFilteringModule” and must be present for AMSI integration to work .
Cookies helps to fund this blog: Cookie settings