Last Update July 19th: Corrected Update information.
About a week ago, Microsoft released the July Updates for Windows systems. Unfortunately, something must have gone wrong in quality control, because people were reporting all sorts of issues, mostly related to IIS and Exchange servers.
The issue is created at the operating system level, probably due to changes in networking as mentioned in the July update notes. Therefor, symptoms can be experienced on systems running Exchange Server 2016 or even back to Exchange Server 2007.
Some of the symptoms are:
- The World Wide Web Publishing Service – W3SVC – won’t come up, remains in a “stopping” state, but cannot fully stop or it cannot be restarted.
- Exchange Transport and SMTP services becomes unresponsive or stops, causing mail flow issues (Source).
The issues were serious enough to have the Exchange PG publish a notice.
Meanwhile, Microsoft has released a superseding update for Windows Server 2016, and updates for older operating systems. However, looking at the information provided with updates for older operating systems, there are fixes for the original security updates, and (previews of) Monthly Rollups for the July updates. Replacements and updates may manifest themselves in Windows Update only after installing the original – faulty – update, meaning you might have to go through more than one Windows Update cycle (and possibly reboot) for the updates to become visible and installable. This applies to the Monthly Rollups as well.
The table below contains information on the original rollups and updates, the update you need to apply, and the type of update.
| Operating System | Original Update | Update | Type | Comments |
| Windows Server 2016 | KB4338814 | KB4345418 | Monthly Rollup | Replacement |
| Windows Server 2012 R2 | KB4338815 | KB4338831 | Monthly Rollup | Replacement |
| KB4338824 | KB4345424 | Security Update | Update for v1 | |
| Windows Server 2012 | KB4338830 | KB4338816 | Monthly Rollup | Replacement |
| KB4338820 | KB4345425 | Security Update | Update for v1 | |
| Windows Server 2008 R2 | KB4338823 | KB4345459 | Security Update | Update for v1 |
| KB4338818 | KB4338821 | Monthly Rollup | Replacement | |
| Windows Server 2008 | KB4295656 | KB4345397 | Security Update | Update for v1 |
Finally, apart from adopting a less aggressive updating strategy, this again shows unfortunately that having a separate production environment next to your test environment is no frivolous luxury.
Michel –
Thank you for this alert and for all of your excellent blog articles. Your good work benefits so many.
We are running Windows Server 2012 R2.
1. Assuming that we did not install the bad update, do we still need to install what you call the “security update” or “patch,” or do we only need to install the replacement update?
2. Assuming we installed the bad update, do we only install the “security update” or “patch,” or do we also need to install the replacement update?
Regards,
Blake
Rearranged the information – hope this clears things up a bit.
If you have installed the v1, the security update will patch it – the security update does not contain the fixes of the v1 update. The v2 contains the fixes of v1, but also the patch.
Thnx for the excellent post. allways following your blog on the exchange ’16 updates. good work, keep it up.
Thanks, my pleasure