The Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016. Be advised that both of these CUs include the March security update KB5000871. AExchange 2016 will receive its final CU in March, 2021.
Links to the updates as well as a description of changes and fixes are described below. The column Schema and AD indicate if the CU contains Schema (/PrepareSchema) and Active Directory (PrepareAD) changes compared to the previous CU.
| Version | Build | KB | Download | UMLP | Schema | AD |
| Exchange 2019 CU9 | 15.2.858.2 | KB4602570 | Download | N | Y | |
| Exchange 2016 CU20 | 15.1.2242.4 | KB4602569 | Download | UMLP | N | Y |
Exchange 2019 CU9 fixes:
- 5001181 Certain search scenario can’t return expected result in Outlook online mode in Exchange Server 2019
- 5001182 Can’t use keyword “TMM” in a special pattern to search email in Exchange Server 2019
- 5001183 Attachment is treated as bad zip file on Edge Transport server in Exchange Server 2019 and 2016
- 5001184 EAC has no option to select the correct tenant for an Office 365 mailbox in Exchange Server 2019 and 2016
- 5001185 EAC has no option to select an archive domain for cloud-based archive in Exchange Server 2019 and 2016
- 5001186 Encoding of special characters isn’t preserved which causes missing text in Outlook in Exchange Server 2019 and 2016
- 5001188 Incorrect MRM properties stamped on mail item delivery when sending to multiple mailboxes on the same database in Exchange Server 2019 and 2016
- 5001189 Mailbox Audit log searches and Outlook both tied to MaxHitsForFullTextIndexSearches in Exchange Server 2019 and 2016
- 5001190 MonitoringGroup can’t control the placement of CAS monitoring mailboxes in Exchange Server 2019 and 2016
- 5001192 Microsoft Teams fails to show calendar because Autodiscover v2 isn’t site-aware in Exchange Server 2019 and 2016
- 5001193 New health mailboxes for databases are created every time Exchange Health Manager service is restarted
- 5001194 RFC certificate timestamp validation in Exchange Server 2019 and 2016
- 5001195 UPN specified when creating mailbox is overwritten automatically causing login failures in Exchange Server 2019 and 2016
- 5000631 Event IDs 1003, 1309 and 4999 are logged after installing Exchange Server 2019 CU8
- 4583558 PDF preview function in OWA leads to download action unexpectedly
Exchange 2016 CU20 fixes:
- 5001183 Attachment is treated as bad zip file on Edge Transport server in Exchange Server 2019 and 2016
- 5001184 EAC has no option to select the correct tenant for an Office 365 mailbox in Exchange Server 2019 and 2016
- 5001185 EAC has no option to select an archive domain for cloud-based archive in Exchange Server 2019 and 2016
- 5001186 Encoding of special characters isn’t preserved which causes missing text in Outlook in Exchange Server 2019 and 2016
- 5001188 Incorrect MRM properties stamped on mail item delivery when sending to multiple mailboxes on the same database in Exchange Server 2019 and 2016
- 5001189 Mailbox Audit log searches and Outlook both tied to MaxHitsForFullTextIndexSearches in Exchange Server 2019 and 2016
- 5001190 MonitoringGroup can’t control the placement of CAS monitoring mailboxes in Exchange Server 2019 and 2016
- 5001192 Microsoft Teams fails to show calendar due to Autodiscover v2 isn’t site aware in Exchange Server 2019 and 2016
- 5001193 New health mailboxes for databases are created every time Exchange Health Manager service is restarted
- 5001194 RFC certificate timestamp validation in Exchange Server 2019 and 2016
- 5001195 UPN specified when creating mailbox is overwritten automatically causing login failures in Exchange Server 2019 and 2016
- 4583558 PDF preview function in OWA leads to download action unexpectedly
Notes:
- If these Cumulative Updates contain schema changes compared to the Cumulative Update you have deployed, you need to run Setup with /PrepareSchema. If they contain Active Directory changes, you need to run /PrepareAD. Alternatively, permissions permitting, you can let Setup perform this step. Consult the Exchange schema versions page for object version numbers.
- When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
- Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
- When using Exchange hybrid deployments or Exchange Online Archiving (EOA), support requires you to trail at most one version (n-1).
- If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
- Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
- Once upgraded, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
- The recommended upgrade order is internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
EighTwOne (821) 
Normally I would agree with the idea of waiting a few days before implementing the patches if you don’t have an ability to test these in production environment. But the buzz going around about these latest exploits are apoplectic about the speed of compromise and the potential impact. I personally would be nervous about any server not already patched. That is simply my comfort level for this current round of out of band patches. Ultimately your best judgement will need to be your guide.
LikeLike
question: Do you need to un-install the security update (hafinum) first before applying cu20?
LikeLike