Information
Failure to install the most current Exchange Cumulative Update (CU) leaves a system vulnerable to exploitation. Current CUs correct known security and system vulnerabilities.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Consult the EDSP for the accepted update process within the organization.
Install the most current, approved CU. As a best practice, Microsoft recommends always installing the latest CU when creating a new server. Keep existing servers as up to date as possible and back up any customizations. Follow any additional recommendations at the following website:
https://learn.microsoft.com/en-us/Exchange/plan-and-deploy/install-cumulative-updates?view=exchserver-2019
All Exchange 2019 updates can be found on the Microsoft Exchange update site:
https://learn.microsoft.com/en-us/Exchange/new-features/updates?view=exchserver-2019
Exchange CUs must be manually downloaded. Since CUs are full installations of Exchange, there is no need to install the 'Release to Manufacturer' version first. However, once a CU is installed, it cannot be uninstalled. Installation must be done on a test server first, before the CU is placed in production, to ensure that it does not disrupt services or conflict with existing configurations.
Note: Some CUs will require an Active Directory Schema extension, which adds new Exchange attributes. Consult the EDSP and ensure appropriate permissions before beginning an update.
Note: If the Exchange server is connected to the web or to internal Windows Update Services, security updates (SUs) can be downloaded and triggered through Windows Update by going to Windows Update >> Advanced Options >> 'Choose how updates are installed' and selecting the box 'Give me updates for other Microsoft products when I update Windows'.