The KB articles that describe the fixes in each release, and product downloads are available as follows:
| Version | Build | KB | Download | UMLP | Schema |
| Exchange 2019 CU2 | 15.2.397.3 | KB4488401 | VLSC | N | |
| Exchange 2016 CU13 | 15.1.1779.2 | KB4488406 | Download | UMLP | N |
| Exchange 2013 CU23 | 15.0.1497.2 | KB4489622 | Download | UMLP | N |
These updates contain the following important changes and notes (more information in the original article):
- Reduced required permissions of Exchange in Active Directory.
- Introduction of support for .NET Framework 4.8, with 4.7.2 becoming the minimum required version.
- Introduction of Organization-level Authentication Policies.
- Upcoming support for Modern Authentication for Exchange Hybrid deployments.
- Controlled Public Folder visibility for Exchange 2019 & 2016.
Exchange 2019 CU2 fixes:
- 4502134 Can’t get all the emails when searching mailbox by using an end date that’s different from today in Exchange Server 2019
- 4502135 Correct the error message that you receive when installing Exchange Server 2019 in an organization that has Exchange Server 2010 installed
- 4502154 Providing information to administrators when auto forward limit is reached in Exchange Server 2019 and 2016
- 4502155 “The primary SMTP address must be specified when referencing a mailbox” error when you use impersonation in Exchange Server 2019 and 2016
- 4502156 Audit logs aren’t updated when “-WhatIf” is used as $false in the command in Exchange Server 2019 and 2016
- 4502157 The Find command not returning the HasAttachments element in Exchange Server 2019 and 2016
- 4502158 SyncFolderItems contains duplicated ReadFlagChange items in Exchange Server 2019 and 2016
- 4502131 “TLS negotiation failed with error UnknownCredentials” error after you update TLSCertificateName on Office 365 send connector in Exchange Server 2019 hybrid environment
- 4502132 Can’t reply to old emails after migration even though old legacyExchangeDN is set to migrated mailbox in Exchange Server 2019 and 2016
- 4502136 The response of FETCH (BODYSTRUCTURE) command of IMAP violates RFC 3501 in Exchange Server 2019 and 2016
- 4502140 Can’t preview an eDiscovery search when there are multiple domains in Exchange Server 2019 and 2016
- 4502141 Appointment that’s created by responding to an email message doesn’t show in any Outlook calendar views in Exchange Server 2019 and Exchange Server 2016
- 4502133 Can’t use Outlook on the web to reply a partner email through mutual TLS in Exchange Server 2019 and 2016
- 4488396 Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2019 and 2016
- 4488078 Public folder contact lists don’t show contact’s profile picture in Outlook on the web in Exchange Server 2019 and 2016
- 4499503 Heavy organizational forms traffic because of materialized restriction when organization forms library has more than 500 items in Exchange Server 2019 and 2016
- 4503027 Description of the security update for Microsoft Exchange Server 2019 and 2016: June 11, 2019
Exchange 2016 CU13 fixes:
- 4502154 Providing information to administrators when auto forward limit is reached in Exchange Server 2016
- 4502155 “The primary SMTP address must be specified when referencing a mailbox” error when using impersonation in Exchange Server 2016
- 4502156 Audit logs aren’t updated when “-WhatIf” is used as $false in the command in Exchange Server 2016
- 4502157 The Find command not returning the HasAttachments element in Exchange Server 2016
- 4502158 SyncFolderItems contains duplicated ReadFlagChange items in Exchange Server 2016
- 4502131 “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2016 hybrid environment
- 4502132 Can’t reply to old emails after migration even though old legacyExchangeDN is set to migrated mailbox in Exchange Server 2016
- 4502136 The response of FETCH (BODYSTRUCTURE) command of IMAP violates RFC 3501 in Exchange Server 2016
- 4502140 Can’t preview an eDiscovery search when there are multiple domains in Exchange Server 2016
- 4502141 Appointment that’s created by responding to an email message doesn’t show in any of Outlook calendar views in Exchange Server 2016
- 4502133 Can’t use Outlook on the web to reply a partner email through mutual TLS in Exchange Server 2016
- 4488396 Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
- 4488078 Public folder contact lists don’t show contact’s profile picture in Outlook on the web in Exchange Server 2016
- 4499503 Heavy organizational forms traffic due to materialized restriction when organization forms library has more than 500 items in Exchange Server 2016
- 4503027 Description of the security update for Microsoft Exchange Server 2019 and 2016: June 11, 2019
Exchange 2013 CU23 fixes:
- 4502131 “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2013 hybrid environment
- 4503028 Description of the security update for Microsoft Exchange Server 2013 and 2010: June 11, 2019
Notes:
- These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update. However, due to changes in the permissions architecture, you need to run setup /PrepareAD to implement these changes as well as apply any RBAC changes, before deploying or updating Exchange servers.
- When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
- Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
- When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to delay installing at most one version (n-1).
- If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
- Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
- Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
- The order of installation shouldn’t matter with the “every server is an island” concept, yet recommended is to upgrade internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.