5.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.2%
**Important:**This regularly scheduled cumulative update contains all the security fixes of the security updates in June and other previous security updates…
Cumulative Update 21 for Microsoft Exchange Server 2016 was released on June 29, 2021. This cumulative update includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be included in later cumulative updates for Exchange Server 2016.
This update also includes new daylight saving time (DST) updates for Exchange Server 2016. For more information about DST, see Daylight Saving Time Help and Support Center.
Microsoft Exchange Server 2016 now supports integration with Windows Antimalware Scan Interface (AMSI). This feature enables an AMSI-capable antivirus or antimalware solution to scan content in HTTP requests that’re sent to the Exchange Server. Additionally, it will block a malicious request before it’s handled by Exchange. For more details, see More about AMSI integration with Exchange Server.
The /PrepareDomain operation automatically runs in the Active Directory domain in which the**/PrepareAD command is run. However, it may be unable to update other domains in the forest. Therefore, a domain administrator should run the/PrepareDomain** in other domains in the forest.
* About the permission question:
Because the /PrepareAD is triggered in Setup, if the user who initiates Setup isn’t a member of Schema Admins and Enterprise Admins, the readiness check will fail, and you receive the following error messages.Error 1:
The Active Directory schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups. For more informaion, visit: <http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setipreadiness.SchemaUpdateRequired.aspx>.
Error 2:
Global updates need to be made to Active Directory, and this user account isn’t a member of the 'Enterprise Admins’group. For more information, visit: <http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequred.aspx>.
To avoid the errors, either the user should join Schema Admins and Enterprise Admins groups or another user in Schema Admins and Enterprise Admins groups should manually run /PrepareAD for this Cumulative Update first. Then, the Exchange admin user can start Setup.
This cumulative update also fixes the issues that are described in the following Microsoft Knowledge Base articles:
Download Cumulative Update 21 for Exchange Server 2016 (KB5003611) nowDownload Exchange Server 2016 CU 21 UM Language Packs now
Notes
This cumulative update requires Microsoft .NET Framework 4.8.A component that’s used within Exchange Server requires a new Visual C++ component to be installed together with Exchange Server. This prerequisite can be downloaded at Visual C++ Redistributable Packages for Visual Studio 2013. For more information, see KB 4295081.For more information about the prerequisites to set up Exchange Server 2016, see Exchange Server 2016 prerequisites.
You may have to restart the computer after you apply this cumulative update package.
You don’t have to make any changes to the registry after you apply this cumulative update package.
After you install this cumulative update package, you can’t uninstall the package to revert to an earlier version of Exchange Server 2016. If you uninstall this cumulative update package, Exchange Server 2016 is removed from the server.
File name | SHA256 hash |
---|---|
ExchangeServer2016-x64-cu21.iso | 403EFE9589709461FCC09B332894C4ED1F0D93414D9DBDCED1A0967727C47063 |
For more information about the deployment of Exchange Server 2016, see Release notes for Exchange Server 2016.
For more information about the coexistence of Exchange Server 2016 and earlier versions of Exchange Server in the same environment, see Exchange Server 2016 system requirements.
For more information about other Exchange updates, see Exchange Server Updates: Build numbers and release dates.
Learn about the terminology that Microsoft uses to describe software updates.
The following table summarizes some of the most important changes to this topic.Date | Description |
---|---|
August 30, 2021 | Added a “New feature in this cumulative update” section. |
5.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.2%