After the update is before the update. Today, Microsoft released the Cumulative Updates for Exchange Server 2016 and 2019. Both CUs contain the previous security updates from 02.03.21. CU 20 is the penultimate CU for Exchange Server 2016, after which only security updates will be released. The last CU for Exchange 2016 will therefore be released in June 2021. After that, there will only be security updates for Exchange 2016.
Click here to download the CUs directly:
The CU 9 can be downloaded via VLSC, Visual Studio Portal or in the Action Pack. The CU 9 for Exchange 2019 is already available in the Visual Studio Portal.
Details on the fixed problems can be found under the following links:
- Exchange Server 2019 Cumulative Update 9 (KB4602570)
- Exchange Server 2016 Cumulative Update 20 (KB4602569)
Since the two CUs contain the security updates for the HAFNIUM exploit, you could consider installing the CU directly on servers that have not yet been updated. It is therefore not necessary to install the security updates before the CUs.
Important: Exchange servers that have not yet been updated with the 02.03 security updates must be updated as soon as possible. In addition, the Script EOMT so that it can be determined whether the server has already been successfully attacked.
Here is the article from the Microsoft Exchange Team Blog:
Note: If you would like to be informed promptly about new updates for Exchange Server by e-mail, you can subscribe to the Newsletter subscribe. I always try to inform you about new updates as soon as possible.