Updates for customers - important to know

 Viktoria Gindosova, [03.03.21 14:10]

[In reply to Aleksey Grigoriev]

По обновлениям - 

Updates for customers - important to know

As stated in the patch download, install the update from an elevated CMD, otherwise some files are not correctly updated. Do NOT simply double-click the patch

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b

In some cases the update does not ask for a reboot after installation. Always reboot when the installation has finished

Can I determine if I have been compromised by this activity?

The script at https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ has a typo, here is the corrected version

Import-Csv -Path (Get-ChildItem -Recurse -Path “$env:PROGRAMFILES\Microsoft\Exchange Server\V15\Logging\HttpProxy” -Filter ‘*.log’).FullName | Where-Object { $_.AuthenticatedUser -eq "" -and $_.AnchorMailbox -like ‘ServerInfo~*/*’ } | select DateTime, AnchorMailbox

Ну и читайте таки ридми.

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/