Exchange must have the most current, approved service pack installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-234796	EX13-CA-000160	SV-234796r811165_rule		Medium

Description
Failure to install the most current Exchange service pack leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities.

STIG	Date
Microsoft Exchange 2013 Client Access Server Security Technical Implementation Guide	2021-12-16

Details

Check Text ( C-37982r811164_chk )
Determine the most current, approved service pack. Open the Exchange Management Shell and enter the following command: Get-ExchangeServer \| fl Name, AdminDisplayVersion For each Name from the previous command, enter the following command: Invoke-Command -ComputerName [Name] -ScriptBlock {Get-Command Exsetup.exe \| ForEach-Object {$_.FileversionInfo}} If the version displayed does not reflect the most current, approved service pack, this is a finding.

Check Text ( C-37982r811164_chk )

Determine the most current, approved service pack.

Open the Exchange Management Shell and enter the following command:

Get-ExchangeServer | fl Name, AdminDisplayVersion

For each Name from the previous command, enter the following command:

Invoke-Command -ComputerName [Name] -ScriptBlock {Get-Command Exsetup.exe | ForEach-Object {$_.FileversionInfo}}

If the version displayed does not reflect the most current, approved service pack, this is a finding.

Fix Text (F-37945r617328_fix)
Install the most current, approved service pack.