Skip to content

Commit

Permalink
Merge pull request #1810 from microsoft/AugSuUpdate
Browse files Browse the repository at this point in the history
Aug SU update
  • Loading branch information
dpaulson45 authored Aug 16, 2023
2 parents bc2b56b + 61f2f71 commit 39a76be
Show file tree
Hide file tree
Showing 4 changed files with 89 additions and 27 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -116,13 +116,41 @@ function Invoke-AnalyzerExchangeInformation {

if ($null -ne $exchangeInformation.BuildInformation.KBsInstalled) {
Add-AnalyzedResultInformation -Name "Exchange IU or Security Hotfix Detected" @baseParams
$problemKbFound = $false
$problemKbName = "KB5029388"

foreach ($kb in $exchangeInformation.BuildInformation.KBsInstalled) {
$params = $baseParams + @{
Details = $kb
DisplayCustomTabNumber = 2
}
Add-AnalyzedResultInformation @params

if ($kb.Contains($problemKbName)) {
$problemKbFound = $true
}
}

if ($problemKbFound) {
Write-Verbose "Found problem $problemKbName"
if ($null -ne $HealthServerObject.OSInformation.BuildInformation.OperatingSystem.OSLanguage) {
[int]$OSLanguageID = [int]($HealthServerObject.OSInformation.BuildInformation.OperatingSystem.OSLanguage)
# https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-operatingsystem
$englishLanguageIDs = @(9, 1033, 2057, 3081, 4105, 5129, 6153, 7177, 8201, 10249, 11273)
if ($englishLanguageIDs.Contains($OSLanguageID)) {
Write-Verbose "OS is english language. No action required"
} else {
Write-Verbose "Non english language code: $OSLanguageID"
$params = $baseParams + @{
Details = "Error: August 2023 SU 1 Problem Detected. More Information: https://aka.ms/HC-Aug23SUIssue"
DisplayWriteType = "Red"
DisplayCustomTabNumber = 2
}
Add-AnalyzedResultInformation @params
}
} else {
Write-Verbose "Language Code is null"
}
}
}

Expand Down
46 changes: 26 additions & 20 deletions Shared/Get-ExchangeBuildVersionInformation.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -127,13 +127,15 @@ function Get-ExchangeBuildVersionInformation {
$cuReleaseDate = "05/03/2023"
$supportedBuildNumber = $true
}
(GetBuildVersion $ex19 "CU13" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex19 "CU13" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex19 "CU13") } {
$cuLevel = "CU12"
$cuReleaseDate = "04/20/2022"
$supportedBuildNumber = $true
$orgValue = 16760
}
(GetBuildVersion $ex19 "CU12" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex19 "CU12" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex19 "CU12") } {
$cuLevel = "CU11"
Expand Down Expand Up @@ -221,6 +223,7 @@ function Get-ExchangeBuildVersionInformation {
$cuReleaseDate = "04/20/2022"
$supportedBuildNumber = $true
}
(GetBuildVersion $ex16 "CU23" -SU "Aug23SUv2") { $latestSUBuild = $true }
(GetBuildVersion $ex16 "CU23" -SU "Aug23SU") { $latestSUBuild = $true }
{ $_ -lt (GetBuildVersion $ex16 "CU23") } {
$cuLevel = "CU22"
Expand Down Expand Up @@ -693,15 +696,16 @@ function GetExchangeBuildDictionary {
"Nov22SU" = "15.1.2375.37"
})
"CU23" = (NewCUAndSUObject "15.1.2507.6" @{
"May22SU" = "15.1.2507.9"
"Aug22SU" = "15.1.2507.12"
"Oct22SU" = "15.1.2507.13"
"Nov22SU" = "15.1.2507.16"
"Jan23SU" = "15.1.2507.17"
"Feb23SU" = "15.1.2507.21"
"Mar23SU" = "15.1.2507.23"
"Jun23SU" = "15.1.2507.27"
"Aug23SU" = "15.1.2507.31"
"May22SU" = "15.1.2507.9"
"Aug22SU" = "15.1.2507.12"
"Oct22SU" = "15.1.2507.13"
"Nov22SU" = "15.1.2507.16"
"Jan23SU" = "15.1.2507.17"
"Feb23SU" = "15.1.2507.21"
"Mar23SU" = "15.1.2507.23"
"Jun23SU" = "15.1.2507.27"
"Aug23SU" = "15.1.2507.31"
"Aug23SUv2" = "15.1.2507.32"
})
}
"Exchange2019" = @{
Expand Down Expand Up @@ -780,19 +784,21 @@ function GetExchangeBuildDictionary {
"Mar23SU" = "15.2.986.42"
})
"CU12" = (NewCUAndSUObject "15.2.1118.7" @{
"May22SU" = "15.2.1118.9"
"Aug22SU" = "15.2.1118.12"
"Oct22SU" = "15.2.1118.15"
"Nov22SU" = "15.2.1118.20"
"Jan23SU" = "15.2.1118.21"
"Feb23SU" = "15.2.1118.25"
"Mar23SU" = "15.2.1118.26"
"Jun23SU" = "15.2.1118.30"
"Aug23SU" = "15.2.1118.36"
"May22SU" = "15.2.1118.9"
"Aug22SU" = "15.2.1118.12"
"Oct22SU" = "15.2.1118.15"
"Nov22SU" = "15.2.1118.20"
"Jan23SU" = "15.2.1118.21"
"Feb23SU" = "15.2.1118.25"
"Mar23SU" = "15.2.1118.26"
"Jun23SU" = "15.2.1118.30"
"Aug23SU" = "15.2.1118.36"
"Aug23SUv2" = "15.2.1118.37"
})
"CU13" = (NewCUAndSUObject "15.2.1258.12" @{
"Jun23SU" = "15.2.1258.16"
"Aug23SU" = "15.2.1258.23"
"Jun23SU" = "15.2.1258.16"
"Aug23SU" = "15.2.1258.23"
"Aug23SUv2" = "15.2.1258.25"
})
}
}
Expand Down
38 changes: 33 additions & 5 deletions Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -173,14 +173,24 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
ForEach-Object { [System.Version]$_ } |
Sort-Object -Descending |
Select-Object -First 2

# RegEx to find if the latest is a v* version. Then we assume what we have set is correct and we don't test them.
$latestSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[0]
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $true
$notSecondVersionSU = $null -eq ($latestSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")

if ($latest2SUs.Count -eq 2) {
if ($latest2SUs.Count -eq 2 -and
$notSecondVersionSU) {
$latestSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $false
} elseif ($latest2SUs.Count -eq 2) {
$secondSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$secondSU.Supported | Should -Be $true
$latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
# This test could change depending on the reason for the v2 release.
$secondSU.LatestSU | Should -Be $true
}
}
}
Expand All @@ -201,11 +211,19 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
$latestSupportedSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[0]
$latestSupportedSU.Supported | Should -Be $true
$latestSupportedSU.LatestSU | Should -Be $true
$notSecondVersionSU = $null -eq ($latestSupportedSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")

if ($latestSupportedSUs.Count -eq 2) {
if ($latestSupportedSUs.Count -eq 2 -and
$notSecondVersionSU) {
$latestSupportedSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[1]
$latestSupportedSU.Supported | Should -Be $true
$latestSupportedSU.LatestSU | Should -Be $false
} elseif ($latestSupportedSUs.Count -eq 2) {
$secondSU = Get-ExchangeBuildVersionInformation -FileVersion $latestSupportedSUs[1]
$secondSU.Supported | Should -Be $true
$latestSupportedSU.FriendlyName.Substring(0, $latestSupportedSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
# This test could change depending on the reason for the v2 release.
$secondSU.LatestSU | Should -Be $true
}

$latestUnsupportedSUs = (GetExchangeBuildDictionary)["Exchange2019"][$unSupportedCU.CU].SU.Values |
Expand Down Expand Up @@ -240,9 +258,19 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
$latestSU.Supported | Should -Be $true
$latestSU.LatestSU | Should -Be $true

$previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$previousSU.Supported | Should -Be $true
$previousSU.LatestSU | Should -Be $false
$notSecondVersionSU = $null -eq ($latestSU.FriendlyName | Select-String "\D{3}\d{2}SUv\d")

if ($notSecondVersionSU) {
$previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$previousSU.Supported | Should -Be $true
$previousSU.LatestSU | Should -Be $false
} else {
$previousSU = Get-ExchangeBuildVersionInformation -FileVersion $latest2SUs[1]
$previousSU.Supported | Should -Be $true
$latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $previousSU.FriendlyName
# This test could change depending on the reason for the v2 release.
$previousSU.LatestSU | Should -Be $true
}

(Get-ExchangeBuildVersionInformation -FileVersion $latest2CUs[1]).Supported | Should -Be $false
}
Expand Down
4 changes: 2 additions & 2 deletions docs/Emerging-Issues.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,10 @@ This page lists emerging issues for Exchange On-Premises deployments, possible r

|**Updated on** | **Update causing the issue**| **Issue**| **Workaround/Solution**
|-|-|-|-|
8/14/2023|[Non-English August 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/ba-p/3892811) for Exchange 2016, Exchange 2019 | When you install the Microsoft Exchange Server 2019 or 2016 August 2023 Security Update (SU) on a Windows Server-based device that is running a non-English operating system (OS) version, Setup suddenly stops and rolls back the changes. However, the Exchange Server services remain in a disabled state. |The problematic SU's are taken down from the installation and fixed version of updates will be released shortly. Meanwhile, if you are affected by the issue, please follow steps in [this KB](https://support.microsoft.com/topic/exchange-server-2019-and-2016-august-2023-security-update-installation-fails-on-non-english-operating-systems-ef38d805-f645-4511-8cc5-cf967e5d5c75) for the workaround on affected systems
8/15/2023|[Non-English August 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/ba-p/3892811) for Exchange 2016, Exchange 2019 | When you install the Microsoft Exchange Server 2019 or 2016 August 2023 Security Update (SU) on a Windows Server-based device that is running a non-English operating system (OS) version, Setup suddenly stops and rolls back the changes. However, the Exchange Server services remain in a disabled state. |The latest SUs have been released that do not require a workaround to install. If you used a workaround to install KB5029388, it is highly recommend to uninstall the KB5029388 to avoid issues down the line. For more information please check out [this KB](https://support.microsoft.com/topic/exchange-server-2019-and-2016-august-2023-security-update-installation-fails-on-non-english-operating-systems-ef38d805-f645-4511-8cc5-cf967e5d5c75).
6/15/2023|[January 2023 Security Update](https://www.microsoft.com/en-us/download/details.aspx?id=104914) for Exchange 2016, Exchange 2019 | When you try to uninstall Microsoft Exchange Server 2019 or 2016 on servers, that had January 2023 Security Update for Exchange Server installed at any point, the Setup fails with following error message: <BR><BR>[ERROR] The operation couldn't be performed because object '<ServerName>' couldn't be found on '<DomainControllerName>'. |Install Exchange Security Update June 2023 or higher to resolve the issue. Check [this KB](https://support.microsoft.com/help/5025312) for more details
6/15/2023|Extended protection enabled on Exchange server | Changing the permissions for Public Folders by using an Outlook client will fail with the following error, if Extended Protection is enabled: <BR><BR>`The modified Permissions cannot be changed.`| Install Exchange Security Update June 2023 or higher to resolve the issue. Check [this KB](https://support.microsoft.com/en-us/topic/extended-protection-doesn-t-support-public-folder-client-permissions-management-through-outlook-bd2037b5-40e0-413a-b368-746b3f5439ee) for more details
|3/16/2023| [Outlook client update for CVE-2023-23397 released](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)| These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action **other than updating Exchange servers in their environment, and if applicable, installing the security update for Outlook on Windows described on the link on the right.**<br>More details about specific CVEs can be found in the [Security Update Guide](https://msrc.microsoft.com/update-guide/) (filter on Exchange Server under Product Family).<br>**Awareness: Outlook client update for CVE-2023-23397 released**<br>There is a critical security update for Microsoft Outlook for Windows that is required to address [CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397). To address this CVE, **you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform).** | **Please check [this page](https://aka.ms/OLKCVEFAQ) for FAQs about the [Outlook CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)**
|3/16/2023| [Outlook client update for CVE-2023-23397 released](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)| These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action **other than updating Exchange servers in their environment, and if applicable, installing the security update for Outlook on Windows described on the link on the right.**<br>More details about specific CVEs can be found in the [Security Update Guide](https://msrc.microsoft.com/update-guide/) (filter on Exchange Server under Product Family).<br>**Awareness: Outlook client update for CVE-2023-23397 released**<br>There is a critical security update for Microsoft Outlook for Windows that is required to address [CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397). To address this CVE, **you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform).** | **Please check [this page](https://aka.ms/OLKCVEFAQ) for FAQs about the [Outlook CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397)**
3/14/2023|[February 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058) for Exchange 2016, Exchange 2019, Exchange 2013 | After installing February 2023 security update, customers are seeing EWS application pool crash with Event ID 4999 with following error <BR><BR> E12IIS, c-RTL-AMD64, 15.01.2507.021, w3wp#MSExchangeServicesAppPool, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.EnforceBlockReason, M.E.Diagnostics.BlockedDeserializeTypeException, 437c-dumptidset, 15.01.2507.021. <BR><BR> The issue is causing connectivity issues to EWS based clients (Outlook for Mac) | **Update on 3/14/2023** <BR> The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224) <BR> Please follow the steps in [this KB](https://support.microsoft.com/help/5024257)
3/14/2023|[February 2023 Security Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058) for Exchange 2016, Exchange 2019, Exchange 2013 | Some customers are reporting issues with Outlook/OWA add-ins, like add-in not listing in EAC or with the Get-App command. Additionally, they may notice EWS application pool crash with Event ID 4999 in the application log of the Exchange server. | **Update on 3/14/2023** <BR> The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224)
3/14/2023|[January 2023 Security Update](https://www.microsoft.com/en-us/download/details.aspx?id=104914) for Exchange 2016, Exchange 2019 |The Exchange toolbox may start crashing on launch after [certificate Serialization for PowerShell](https://aka.ms/HC-SerializedDataSigning) is enabled. The error noticed is "Deserialization fails: System.Reflection.TargetInvocationException". <BR><BR> The issue happens only on Exchange 2016 and Exchange 2019| **Update on 3/14/2023** <BR> The issue is fixed in [March 2023 security update for Exchange servers](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224)
Expand Down

0 comments on commit 39a76be

Please sign in to comment.