Tag Archives: Email

Microsoft Exchange 2013–2016-2019 Security Vulnerability (URGENT)

CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability


Yesterday Microsoft has published an KB article about a security threat to Exchange 2013-2016 and 2019.

The article mentions CU10-CU11 for Exchange 2016, CU21 for Exchange 2013 and RTM version of Exchange 2019 as well.

I spoke to Microsoft of whether this issue affects earlier CU versions for Exchange and they confirmed it



Vulnerability details:

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.


Download link:



Install Exchange 2019 Core using PowerShell

You probably already know that Exchange 2019 RTM has been released and even CU1 is about to come too.

But what’s interesting about 2019 is that it has a lot of new features, some that lot of people wanted to have in legacy versions especially for security, performance, resiliency and scalability.


As per Microsoft Security has been improved to suit the needs of corporations removing all vulnerable ciphers and follow best practices.

Security: Exchange Server 2019 requires Windows Server 2019. In fact, we recommend installing Exchange Server 2019 onto Windows Server 2019 Server Core. Exchange Server 2019 installed on Windows Server 2019 Core provides the most secure platform for Exchange. You also have the option of installing Exchange 2019 onto Windows Server 2019 with Desktop Experience, but we have worked hard to make sure running Exchange on Server Core is the best choice for our code.

We’re aware all media for Windows Server 2019 and Windows Server, version 1809 has been temporarily removed and Microsoft will provide an update when refreshed media is available. Exchange Server 2019 will be fully compatible with version 1809, and the refreshed version.

We also built Exchange Server 2019 to only use TLS 1.2 out of the box, and to remove legacy ciphers and hashing algorithms. To understand how this affects coexistence with earlier versions, please reference our previous series of postson TLS.

Regarding Performance, Microsoft has released the following statement:

Performance: We’ve done significant work to allow Exchange Server to take advantage of larger core and memory packed systems available in market today. With our improvements, Exchange Server can use up to 48 processor cores and 256GB of RAM.

We’ve re-engineered search using Bing technology to make it even faster and provide better results, and in doing so have made database failovers much faster, and administration easier.

We’re adding dual storage read/write capabilities to Exchange Server 2019 using Solid State Drive (SSD) technology to provide a super-fast cache of key data for improving end user experience. We also talked about this in our Email Search in a Flash! Accelerating Exchange 2019 with SSDs session at Ignite.

We also changed the way database caching works to allocate more memory to active database copies, again improving the end user experience. You can learn more about Dynamic Database Cache from Welcome to Exchange Server 2019!video and slides.

The improvements we have made to Exchange Server 2019 will enable you to scale to a larger number of users per server than ever before, use much larger disks, and see the latency of many client operations being cut in half.


Installing Exchange 2019 on Core is something that’s been recently supported, along with other features like in-place upgrade from Exchange 2016 to Exchange 2019.

In this guide we’ll go through the process of installing Exchange 2019 using PowerShell starting from naming the server, joining it to the domain and installing prerequisites of Exchange 2019.

Configuring Static IP address:

In order to give a static IP address to the machine from Windows Core we’ll be using the following script:

Assuming you have subnet with mask /24 and gateway we will use the below script to provide the machine with an IP.

$wmi = Get-WmiObject win32_networkadapterconfiguration -filter “ipenabled = ‘true'”

$wmi.EnableStatic(“”, “”)

$wmi.SetGateways(“”, 1)




Join Domain

Exchange must be part of the domain which you’re using in your lab / Production environment. next we’ll be joining this machine to our domain using the following script:

First we’ll change the hostname, restart and then join the domain


Change Computer name:

Rename-Computer -NewName “Exch2019” -DomainCredential WIN-EPM2CRB5MN9\administrator –Restart


Join the domain

add-computer –domainname cloud-tech.net -Credential cloud-tech\administrator -restart –force


After restarting


Configuring Drives:

Since I am doing a lab test only, I will use the default C drive to install Exchange, but if you’d want to configure a second Drive please let me know and I will add that part as well.



List volume




Installing Prerequisites – Exchange 2019 on Windows 2019 Core


​EX2019 will require 2012R2 AD FFL​

Check out your windows Version first for compatibility









GUI Version of Windows 2019

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS



Windows 2019 Core

Install-WindowsFeature RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Metabase, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, RSAT-ADDS, Server-Media-Foundation



After installing prerequisites, Installing UCMA

For UCMA on Windows Core you need to get a certain UCMA customized in order to work with Windows 2019 core.


After Extracting and copying the file to the C root drive

The setup file is called Ironmansetup.exe




















After the Installation of UCMA, there will be another requirement,

Visual C++ Redistributable Packages for Visual Studio 2013




.\setup.exe /InstallWindowsComponents /CustomerFeedbackEnabled:False /LogFolderPath:C:\Logs\db4 /DbFilePath:C:\Mailbox\Database01\Database01.edb /MdbName:Database01 /DisableAMFiltering /IAcceptExchangeServerLicenseTerms /roles:mb,mt











Setting URLS


I will be upgrading this with the latest Windows 2019 releases since this installation was done with Microsoft Windows 2019 Preview edition

For any consultation requirements please contact me admin@moh10ly.website or info@moh10ly.com

Thank you