February 2024 Exchange Server Security Updates

Hi All,
Yesterday, Microsoft announced the 2024 H1 Cumulative Update (Exchange 2019 CU14) on the Exchange Team Blog.
News:
- Exchange 2016 is supported only with the latest CU (CU23) - update to the latest Security Update (SU)
Exchange 2019 CU14:
- Exchange Server support for Windows Extended Protection is enabled by default (it can be disabled with the setup parameter /DoNotEnableEP or /DoNotEnableEP_FEEWS, but this is not recommended)
- Read the Prerequisites for enabling Extended Protection on Exchange server
- New Exchange Schema Version (setup.exe /prepareAD)
- .NET Framework 4.8.1 support on Windows Server 2022
- TLS 1.3 support moved to CU15
- To address CVE-2024-21410 (also released today), Extended Protection needs to be enabled
Here is the update process from Microsoft


I would recommend enabling Extended Protection first on an earlier version and making sure it works before upgrading to Exchange 2019 CU14
Updating Exchange Mailbox Role
I’ve checked the Exchange Schema Version before the Update


Then I mounted the ISO and started the setup.exe


















There is a Pending Reboot - so I need to reboot the Server first


Now we are ready for the update


In the First step, the Exchange Schema is updated


I’ve checked the Exchange Schema Version before the Update
Only the Object Version has been changed from 16761 to 16762
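One way to record the Exchange version values in Active Directory before the update and compare them afterwards, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function names and the snapshot file path are hypothetical.

```powershell
Import-Module ActiveDirectory   # assumption: RSAT AD module is available

function Get-ExchangeSchemaVersion {
    # Hypothetical helper: reads the three values Exchange setup stamps into AD.
    $root     = Get-ADRootDSE
    $schemaDn = "CN=ms-Exch-Schema-Version-Pt,$($root.schemaNamingContext)"
    $orgBase  = "CN=Microsoft Exchange,CN=Services,$($root.configurationNamingContext)"
    $domainDn = "CN=Microsoft Exchange System Objects,$($root.defaultNamingContext)"

    $schema = Get-ADObject -Identity $schemaDn -Properties rangeUpper
    # The organization container sits one level below "CN=Microsoft Exchange".
    $orgQuery = @{ SearchBase = $orgBase; SearchScope = 'OneLevel'; Properties = 'objectVersion'
                   LDAPFilter = '(objectClass=msExchOrganizationContainer)' }
    $org    = Get-ADObject @orgQuery | Select-Object -First 1
    # Domain of the current logon; repeat per domain in a multi-domain forest.
    $domain = Get-ADObject -Identity $domainDn -Properties objectVersion

    [pscustomobject]@{
        SchemaRangeUpper    = $schema.rangeUpper
        OrgObjectVersion    = $org.objectVersion
        DomainObjectVersion = $domain.objectVersion
    }
}

function Compare-ExchangeSchemaVersion {
    # Hypothetical helper: one row per attribute with a Changed flag.
    param([Parameter(Mandatory)] $Before, [Parameter(Mandatory)] $After)
    foreach ($name in 'SchemaRangeUpper', 'OrgObjectVersion', 'DomainObjectVersion') {
        [pscustomobject]@{
            Attribute = $name
            Before    = $Before.$name
            After     = $After.$name
            Changed   = $Before.$name -ne $After.$name
        }
    }
}

# First run (before the update) saves a snapshot; second run (after) compares.
$snapshot = Join-Path $env:TEMP 'exchange-schema-before.json'   # hypothetical path
if (-not (Test-Path -LiteralPath $snapshot)) {
    Get-ExchangeSchemaVersion | ConvertTo-Json | Set-Content -LiteralPath $snapshot
    Write-Host "Saved pre-update values to $snapshot. Run again after the update."
} else {
    $before = Get-Content -LiteralPath $snapshot -Raw | ConvertFrom-Json
    Compare-ExchangeSchemaVersion -Before $before -After (Get-ExchangeSchemaVersion) |
        Format-Table -AutoSize
}
```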








If you download the newest Exchange Healthchecker, you need to Unblock it before the first run


Run the Healthchecker




I decided to run the Exchange Extended Protection Script


And run the Healthchecker again


Dotnet Framework 4.8.1
I’ve downloaded the Offline Installer Runtime






You have to reboot after the Installation of the Dotnet Framework




You can use the Script below to check your Dotnet Framework Version
# Read the .NET Framework 4.x release number from the registry
$release = Get-ItemPropertyValue -LiteralPath 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -Name Release
# Map the release number to a version, highest threshold first
switch ($release) {
    { $_ -ge 533320 } { $version = '4.8.1 or later'; break }
    { $_ -ge 528040 } { $version = '4.8'; break }
    { $_ -ge 461808 } { $version = '4.7.2'; break }
    { $_ -ge 461308 } { $version = '4.7.1'; break }
    { $_ -ge 460798 } { $version = '4.7'; break }
    { $_ -ge 394802 } { $version = '4.6.2'; break }
    { $_ -ge 394254 } { $version = '4.6.1'; break }
    { $_ -ge 393295 } { $version = '4.6'; break }
    { $_ -ge 379893 } { $version = '4.5.2'; break }
    { $_ -ge 378675 } { $version = '4.5.1'; break }
    { $_ -ge 378389 } { $version = '4.5'; break }
    default { $version = $null; break }
}
if ($version) {
    Write-Host -Object ".NET Framework Version: $version"
} else {
    Write-Host -Object '.NET Framework Version 4.5 or later is not detected.'
}
Updating Exchange Edge Role
I’ve decided to check first for pending Reboot


Installation of Exchange Server 2019 CU 14














As there are fewer Services on an Exchange Server Edge Role, there are fewer Steps






Install the Dotnet Framework 4.8.1
Regards
Andres Bohren

