Released: June 2018 Quarterly Exchange Updates


The latest cumulative updates for Exchange Server 2016 and Exchange Server 2013 are now available on the download center. An update rollup for Exchange Server 2010 is also available. The updates released today include important changes to the pre-requisites required to install Exchange Server. The installation packages include fixes to customer reported issues, all previously reported security/quality issues and updated functionality.

Updated Pre-requisite requirements

.NET Framework 4.7.1

As announced previously, Exchange Server 2016 Cumulative Update 10 and Exchange Server 2013 Cumulative Update 21 require .NET Framework 4.7.1. Exchange Setup will enforce this requirement during cumulative update installation. Customers who are running an older version of .NET Framework will need to update their server to .NET Framework 4.7.1 then install the latest cumulative update.

VC++ 2013 runtime library is required

The Exchange Server updates released today require the VC++ 2013 runtime library to be installed on the server. The VC++ runtime library is required to provide current and future security updates for a third-party component shipped with Exchange Server. The component provides WebReady Document Viewing in Exchange Server 2010 and 2013 and Data Loss Prevention in Exchange Server 2013 and 2016. Setup will enforce the installation of the pre-requisite on Exchange Server 2013 and 2016 when a cumulative update is applied. Exchange Server 2010 Update Rollup 22 and later will force the installation of the VC++ runtime before the update can be applied. Future security updates for all versions of Exchange Server will force installation of the runtime package if not already installed. Customers who use Windows Update to patch or update their servers will need to ensure that the VC++ 2013 runtime package is applied before running Windows Update. Update Rollup 22 and future security updates for all versions of Exchange Server will fail to install manually or via Windows Update if the runtime library is not installed.

The packages released today include an updated version of the third-party component to resolve the issues identified in Microsoft Advisory ADV180010. Customers are encouraged to apply the updates released today as soon as possible. The Exchange team has previously stated that it will not ship security fixes in a cumulative update unless they were previously released separately from a cumulative update. That goal and official plan of record are unchanged. Shipping the updated third-party components in a cumulative update was necessary to integrate a new version of the components, and a new product dependency not previously required by Exchange, in a manner customers are accustomed to and with minimal disruption to the Windows Update process.

Important Updates for Exchange Server 2010

Support for Windows Server 2016 Domain Controllers

Exchange Server 2010 Service Pack 3 Update Rollup 22 and later add support for Windows Server 2016 domain controllers. There are no restrictions to adding Windows Server 2016 domain controllers in forests where Exchange Server 2010 is deployed. Support for Active Directory Forest Functional Levels through Windows Server 2016 is included. Domain Controllers must be running Windows Server 2016 updates released through June 2018 to be supported. Customers are encouraged to remain current by applying monthly operating system quality updates.

Fix for Exchange Web Services Impersonation in Co-existent Environments

The issue identified in KB4295751 is now resolved in Update Rollup 22. Customers who have Exchange Server 2010 deployed in the same forest as Exchange Server 2016 are encouraged to deploy Update Rollup 22 to ensure that unauthorized access to mailboxes on Exchange Server 2010 does not occur.

Latest time zone updates

All of the packages released today include support for time zone updates published by Microsoft through May 2018.

Exchange Server 2013 Extended Support

Exchange Server 2013 entered extended support in April 2018. Cumulative Update 21 is the last planned quarterly update for Exchange Server 2013. Customers must upgrade to Cumulative Update 21 to continue to receive future security updates.

Release Details

KB articles that describe the fixes in each release are available as follows:

The updates released today do not include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged-on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current before applying either of the cumulative updates released today.

Additional Information

Microsoft recommends that all customers test the deployment of any update in their lab environment to determine the proper installation process for their production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.
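
The three prerequisites described in this post (.NET Framework 4.7.1, the VC++ 2013 runtime, and the script execution policy) can be checked in one read-only pass before Setup is started. The script below is an added example, not code from the Exchange Team; the function name is hypothetical, the .NET check uses the documented Release values (461308 and up for 4.7.1, 461808 and up for 4.7.2), and the VC++ check assumes the x64 package and matches it by display name in the Uninstall registry keys.

```powershell
# Added example: read-only pre-flight check for the prerequisites named in this post.
function Test-ExchangeUpdatePrereq {
    # .NET Framework 4.x stores its version as a DWORD named Release.
    # 461308 is the lowest value documented for 4.7.1, 461808 the lowest for 4.7.2.
    $ndpKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $ndp     = Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue
    $release = if ($ndp -and $ndp.Release) { [int]$ndp.Release } else { 0 }
    $netNote = if ($release -ge 461808) {
        'Newer than 4.7.1; confirm against the Exchange supportability matrix'
    } elseif ($release -ge 461308) {
        'OK'
    } else {
        'Install .NET Framework 4.7.1 before the cumulative update'
    }

    # Assumption: the x64 VC++ 2013 package is the one needed (Exchange is 64-bit only).
    # Installed packages are listed under the Uninstall keys; match on display name.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $vc = @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'Microsoft Visual C++ 2013*x64*' })
    $vcValue = if ($vc.Count) { ($vc | Select-Object -First 1).DisplayVersion } else { 'not found' }
    $vcNote  = if ($vc.Count) { 'OK' } else { 'Install the VC++ 2013 runtime before patching' }

    # Effective execution policy; the post asks for Unrestricted during setup.
    $policy  = [string](Get-ExecutionPolicy)
    $polNote = if ($policy -eq 'Unrestricted') { 'OK' } else { 'See KB981474' }

    foreach ($row in @(
        @('.NET Framework Release', $release, $netNote),
        @('VC++ 2013 runtime (x64)', $vcValue, $vcNote),
        @('Execution policy', $policy, $polNote))) {
        New-Object PSObject -Property @{ Check = $row[0]; Value = $row[1]; Result = $row[2] }
    }
}

Test-ExchangeUpdatePrereq | Format-Table Check, Value, Result -AutoSize
Get-ExecutionPolicy -List   # shows which scope, e.g. Group Policy, sets the effective policy
```

Running it on each server ahead of Windows Update or a manual install shows which prerequisite would cause the update to be refused, before the maintenance window starts.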

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU21, 2016 CU10) or the prior (e.g., 2013 CU20, 2016 CU9) Cumulative Update release.

For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

The Exchange Team

Comments (21)

  1. Anonymous says:
    (The content was deleted per user request)
  2. StephenKCEE says:

    Hi Exchange Team,

    Our brand new Server-2016/Exchange-2016(CU9) has VC++ 2012 installed.
    Do we install VC++ 2013 alongside the existing version, prior to installing CU10?

    Also why not the more recent VC++ 2015 or VC++ 2017 versions?

    Regards
    Stephen

    1. Thank you for the question Stephen. Our third party partner has indicated that this is the version required/supported to work with their product. We are inheriting this support requirement directly from them. The behavior of the runtime is that multiple versions can be installed side by side.

  3. Anonymous says:
    (The content was deleted per user request)
  4. Hello guys,
    Just a warning, the hyperlink to the .NET 4.7.1 is redirecting to 4.7 – which is not supported by Exchange. Regards, Denis Signorelli

    1. Thank you for reporting this and sorry for the typo in the hyperlink. This has been resolved.

  5. teamits says:

    re: “Customers must upgrade to Cumulative Update 21 to continue to receive future security updates.” …does that mean security updates will no longer be provided for CU4/SP1?

    1. teamits says:

      PS – it appears if you aren’t logged in when posting a comment, like I did last week, there is no error message but it doesn’t get received? Today when logged in, it immediately showed as “Your comment is awaiting moderation” after I posted.

    2. @teamits – Yes, your interpretation of that comment is correct. During extended support only the latest cumulative update will receive security updates.

      1. teamits says:

        A coworker found https://blogs.technet.microsoft.com/exchange/2018/04/10/exchange-server-2013-enters-extended-support-lifecycle-phase/ which says “After September 19th 2018, only Cumulative Update 21 or its successors will receive critical updates.” So apparently there is a 3 month window to get to CU21.

  6. testrrrr says:

    @teamits: thank you for the hint with “must be logged in to post in the” comments – a few days ago I wondered why my comment disappeared.

    @MS: I think the CU Numbers at the reminder are wrong. The most current or prior CUs for exchange 2016 should be CU10 and CU9 instead of CU9 and CU8.

  7. Hi,
    I’ve installed the update and start to get errors (no object in “Microsoft Exchange System Objects” is created):

    Object reference not set to an instance of an object.
    + CategoryInfo : NotSpecified: (:) [Enable-MailPublicFolder], NullReferenceException
    + FullyQualifiedErrorId : System.NullReferenceException,Microsoft.Exchange.Management.MapiTasks.EnableMailPublicFolder
    + PSComputerName :

    Repetition of the cmdlet doesn’t help.
    When I start a new EMS session the cmdlet Enable-MailPublicFolder executes without error.

    Best regards
    Dmitry

  8. JohnKirkHMR says:

    Yesterday’s “patch Tuesday” updates included .NET 4.7.2. However, looking at the supportability matrix, there’s no row for .NET 4.7.2 and no column for Exchange 2016 CU 10. Can you clarify whether these are compatible?

  9. Shnickety says:

    One of our DR DAG members has had .NET Framework 4.7.2 installed in error. Is there a process for cleanly removing this and getting back to 4.7.1 without causing issues in Exchange? It doesn’t appear to have any problems so far although it’s only hosting passive and lagged copies at the moment.

  10. David Alva says:

    Hoping someone can shed some light on our concern. Yesterday we installed rollup 22 on our Exchange 2010 spk 3 rollup 8. We did the prerequisite VC++. The rollup install appeared to go well and reached the Finished. Problem we are having is when we check on the Exchange version installed it still shows what we had before the rollup install. Shouldn’t we now see it has rollup 22 installed?

    1. jd-1984 says:

      what method are you using to check the version?
      try: Get-ExchangeServer | ft name, admindisplayversion

  11. Rob Roettger says:

    Is it expected behavior that the Active Directory preparation commands will fail when running from a DC if .NET 4.7.1 is not installed on the DC? I don’t see this as a requirement on the “Prepare Active Directory and domains” article. Please advise.

  12. Reno Mardo says:

    so what is the sequence of steps to update to cu21 from cu17? is it VC++ 2013 runtime then .NET 4.7.1 or the other way before cu21 or the other way?

  13. CScroggi says:

    We are on Exchange 15.0.847.32 (2013 SP1). Can we just run the executable for CU 21 or do we need to go in steps?
    Thanks!

  14. Sebastian says:

    Hi Exchange Team, how can we Admins give you feedback about the product? Things like: Why I can't filter for *MAPI* Attributes in get-casmailbox, but for all other services like owa, pop etc? Or Why I have the option in the eac for a mailbox to set the sendonbehalfto but not for a sharedmailbox?
