HealthChecker VS CSS-Exchange

Exchange 2016 / Exchange 2019 wrong recommendations on Unified Communications Managed API - Microsoft Q&A [New Check] Check installed UCMA version · Issue #538 · dpaulson45/HealthChecker (github.com) HealthChecker - [New Check] Check installed UCMA version · Issue #535 · microsoft/CSS-Exchange (github.com)

Microsoft’s Exchange healthchecker.ps1 script also checks for, and displays, installed patches: https://github.com/dpaulson45/HealthChecker

Version 3.3.8 of the Exchange Health Checker. Post-update on Ex2013 seems to work correctly, but bombs out on pre-update Ex2016 for me without any obvious reason why in the logs. Oh well.

The healthchecker script will let you know which vulnerabilities are present; https://github.com/dpaulson45/HealthChecker

Run the HealthChecker.ps1 from https://github.com/dpaulson45/HealthChecker

Run through this post https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ and this heath check https://github.com/dpaulson45/HealthChecker#download

Use the HealthChecker.ps1 script.

First, I ran the Exchange Health Check script which confirms that the hot fix and CU have been applied to the server.

The MaxServicePointIdleTime property I changed because of what I saw suggested here: https://github.com/microsoft/CSS-Exchange/issues/1581.

This is actively exploited, patch immediately. Microsoft also provided a script that checks Exchange items for malicious messaging items: https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md

Microsoft has released a PowerShell script that can be run on Exchange infrastructure to scan email files for malicious UNC paths, however, patching is the preferred mitigation strategy.

I would expect that installing the URL Rewrite 2 module shouldn't cause any problems -- E2013 as such doesn't care about it. In fact, Microsoft's own EOMT script for the Hafnium mitigations suggests installing it. It'll likely require a reboot, though, or at the very least an IIS restart.

Yep, the August security update and OS updates were installed on all four nodes. But the order in which they were installed may have been different... I don't recall. Someone just posted above that this is a known problem with Windows 2012/R2: https://github.com/microsoft/CSS-Exchange/pull/1166

Which is the latest I can find on Github. This server is running Exchange 2019 CU 11. It has the March updates (KB5012698), but not the May one (KB5014261). You can also verify from the build number it's not up to date. There are no vulnerabilities reported and the only thing in "red" is that TCP keepalive warning.

https://github.com/microsoft/CSS-Exchange/issues/535 Even the maintainer David Paulson of the ExchangeHealtcheck script opened an issue on this matter, only waiting on feedback of the Exchange Team.