Exchange Server September 2021 CU (2021/09/28)

Update[German]Microsoft has released the Exchange quarterly cumulative updates (CU) for September 2021, effective September 28. The quarterly cumulative updates (CUs) are available for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer-reported issues, all previously released security updates and a new security feature. Microsoft Exchange Emergency Mitigation Service is also introduced as a new feature.


Advertising

Release details and downloads

In  the Techcommunity  post Released: September 2021 Quarterly Exchange Updates Microsoft has provided download details for the available September 2021 quarterly Exchange Cumulative Updates (CU) as of September 28:

The list of fixed issues can be found in the linked support posts KB5005334 and KB5005333. The CU 11 for Exchange Server 2019 and the CU 22 for Exchange Server 2016 require .NET Framework 4.8. Security-related issues do not appear to have been fixed in these CUs.

  • Before updating, administrators should verify the Exchange Server authorization certificate. More information can be found in this KB article.
  • If load balancing is used, more information on the update can be found in this KB article.

The known issues associated with this update can be read in detail in the two linked support articles KB5005334 And KB5005333. However, Microsoft recommends testing the updates in their lab environment before running the installation process.

Changes/New features in CU11/CU22

As addressed in the blog post Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Servic with Microsoft Exchange Emergency Mitigation Service, the Emergency Mitigation Service will be installed with the September 2021 CUs. This service can take the necessary steps to automatically mitigate or eliminate vulnerabilities on Microsoft Exchange servers in the event of critical security issues in Exchange software. This is intended to harden Exchange against critical vulnerabilities that are not immediately closed by patches.

Because of the newly introduced Emergency Mitigation Service, Microsoft has made the following changes to the setup of the new CUs.


Advertising

  • The unattended setup switch has changed. The previous /IAcceptExchangeServerLicenseTerms switch will no longer work starting with the September 2021 CUs. The /IAcceptExchangeServerLicenseTerms_DiagnosticDataON or /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF options must be used for unattended and scripted installations.
  • The IIS URL Rewrite module is now a prerequisite for Exchange Server installation. It must be installed separately and is not installed as part of Exchange Setup (you need the x64 MSI version).

Details are available from the Techcommunity post Released: September 2021 Quarterly Exchange Updates and the support articles for the updates.

Similar articles:
Security updates for Exchange Server (July 2021)
Cumulative Exchange CUs June 2021 released
Exchange Server Security Update KB5001779 (April 13, 2021)
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange security updates from July 2021 breaks ECP and OWA
Exchange 2016/2019: Outlook problems due to AMSI integration
Wave of attacks, almost 2,000 Exchange servers hacked via ProxyShell
Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)
Exchange Server: Authentication bypass with ProxyToken
Exchange vulnerabilities: Will we see Hafnium II?
Exchange 2016/2019: Outlook problems due to AMSI integration
Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service


Advertising

This entry was posted in Software, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).