More detailed information can be found at the original blog post here. The security update also fixes the OWA redirection problem for Exchange hybrid deployments introduced with the November security updates.
Be advised that these security updates are Cumulative Update level specific. You cannot apply the update for Exchange 2019 CU11 to Exchange 2019 CU10. Also, the security update download has the same name for different Cumulative Updates, and I would suggest tagging the file name with the CU level, e.g. Exchange2019-CU10-KBXXXXXX-x64-en.msp.
As a reminder, run the Security Update from an elevated command prompt to prevent issues during installation. In other words: do not just double-click the .MSP file. And on a final note, as with any patch or update, I’d recommend applying this in a test environment first, prior to implementing it in production. However, when it concerns security updates, it is not recommended to wait for regular maintenance cycles; follow a more agile approach instead. The ratings are an indication of the urgency.
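The elevation and file-naming advice above can be enforced in a small wrapper. This is an added example, not code from the original post; the function name `Install-TaggedExchangeSU` and its parameters are hypothetical, and it assumes the download still carries its original `Exchange<year>-KB...` name.

```powershell
# Added example (not from the original post). Function and parameter names are hypothetical.
function Install-TaggedExchangeSU {
    [CmdletBinding()]
    param(
        # Downloaded patch, e.g. Exchange2019-KBXXXXXX-x64-en.msp
        [Parameter(Mandatory)] [string] $Path,
        # CU level this download was published for, e.g. CU10
        [Parameter(Mandatory)] [ValidatePattern('^CU\d+$')] [string] $CuLevel,
        [string] $LogDir = $env:TEMP
    )

    # 1. Refuse to continue when the session is not elevated.
    $principal = New-Object Security.Principal.WindowsPrincipal(
        [Security.Principal.WindowsIdentity]::GetCurrent())
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Session is not elevated. Start PowerShell with "Run as administrator".'
    }

    # 2. Check the Authenticode signature before anything is executed.
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)' for $($file.Name); not installing."
    }

    # 3. Tag the file name with the CU level, because the download name is the
    #    same for every CU. A file already tagged for another CU is rejected.
    if ($file.Name -match '-(CU\d+)-' -and $Matches[1] -ne $CuLevel) {
        throw "$($file.Name) is tagged $($Matches[1]), but $CuLevel was requested."
    }
    if ($file.Name -notmatch "-$CuLevel-") {
        $newName = $file.Name -replace '^(Exchange\d{4})-', "`$1-$CuLevel-"
        if ($newName -eq $file.Name) { throw "Unexpected file name: $($file.Name)" }
        $file = Rename-Item -LiteralPath $file.FullName -NewName $newName -PassThru
    }

    # 4. Record what is about to be installed, and on which build. Compare the
    #    build with Microsoft's build number list to confirm the CU level.
    $hash  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $setup = Join-Path $env:ExchangeInstallPath 'bin\ExSetup.exe'
    $build = (Get-Item -LiteralPath $setup -ErrorAction Stop).VersionInfo.ProductVersion

    # 5. Apply the patch with verbose MSI logging and wait for it to finish.
    $log  = Join-Path $LogDir ('{0}.log' -f $file.BaseName)
    $proc = Start-Process -FilePath msiexec.exe -Wait -PassThru `
        -ArgumentList "/update `"$($file.FullName)`" /l*v `"$log`""

    [pscustomobject]@{
        Patch          = $file.Name
        SHA256         = $hash
        ExSetupBuild   = $build
        ExitCode       = $proc.ExitCode
        Succeeded      = $proc.ExitCode -in 0, 3010   # 3010 = success, reboot required
        RebootRequired = $proc.ExitCode -eq 3010
        Log            = $log
    }
}

# Usage (constructed file name and CU level):
# Install-TaggedExchangeSU -Path .\Exchange2019-KBXXXXXX-x64-en.msp -CuLevel CU10
```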
Another month, another Patch Tuesday! A quick blog on November’s security updates for Exchange Server 2013 up to 2019. The vulnerabilities addressed in these security updates are:
Vulnerabilities mentioned in the table above are addressed in the following security updates. Exception is Exchange 2013 CU23 which seemingly only gets fixed for CVE-2021-26427; it is unclear if that is because of Exchange 2013’s lifecycle phase or because the problem does not exist in those builds.
More detailed information can be found at the original blog post here. Check the KB articles for any known release notes, such as the possible cross-forest Free/Busy issue and HTTP headers containing version information.
Be advised that these security updates are Cumulative Update level specific. You cannot apply the update for Exchange 2019 CU11 to Exchange 2019 CU10. Also, the security update download has the same name for different Cumulative Updates, and I would suggest tagging the file name with the CU level, e.g. Exchange2019-CU10-KBXXXXXX-x64-en.msp.
As a reminder, run the Security Update from an elevated command prompt to prevent issues during installation. In other words: do not just double-click the .MSP file. And on a final note, as with any patch or update, I’d recommend applying this in a test environment first, prior to implementing it in production. However, when it concerns security updates, it is not recommended to wait for regular maintenance cycles; follow a more agile approach instead. The ratings are an indication of the urgency.
The Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016.
Be advised that these CUs will introduce something which is called the Exchange Emergency Mitigation Service. This service is designed to distribute and implement mitigations addressing potential threats. For this, the URL Rewrite Module needs to be installed on the Exchange server. When you have Exchange running on Windows Server 2012 R2, you will also need an update for the Universal C Runtime (KB2999226). Periodically, the EEM service will reach out to the Office Config Service (OCS) through endpoint https://officeclient.microsoft.com, and update its set of configured mitigations. More on EEM and managing its configuration here.
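The prerequisites listed above can be verified on a server before and after the CU is installed. This is an added example, not code from the original post; the service name `MSExchangeMitigation` and the `Mitigations*` properties come from Microsoft's EEM documentation rather than from this page, and the file-based checks are heuristics.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell
# on the Exchange server being checked.
$server = $env:COMPUTERNAME
$checks = [ordered]@{}

# URL Rewrite Module: heuristic, looks for the module binary IIS loads.
$checks['URL Rewrite module present'] =
    Test-Path (Join-Path $env:SystemRoot 'System32\inetsrv\rewrite.dll')

# Universal C Runtime (KB2999226) only matters on Windows Server 2012 R2 (6.3).
# The KB can be superseded by later rollups, so test for the runtime DLL it
# delivers instead of relying on Get-HotFix.
$os = [Environment]::OSVersion.Version
if ($os.Major -eq 6 -and $os.Minor -eq 3) {
    $checks['Universal C Runtime present'] =
        Test-Path (Join-Path $env:SystemRoot 'System32\ucrtbase.dll')
}

# Outbound reachability of the Office Config Service endpoint. This is a direct
# TCP test: it does not use a configured proxy, so a failure here is expected
# when the server reaches the internet through a proxy only.
$tcp = Test-NetConnection -ComputerName 'officeclient.microsoft.com' -Port 443 `
    -WarningAction SilentlyContinue
$checks['officeclient.microsoft.com:443 reachable'] = [bool]$tcp.TcpTestSucceeded

# The EEM service itself (only exists once the CU is installed).
$svc = Get-Service -Name 'MSExchangeMitigation' -ErrorAction SilentlyContinue
$checks['EEM service running'] = ($null -ne $svc -and $svc.Status -eq 'Running')

# Organization-wide and per-server switches; both must be enabled for
# mitigations to be applied automatically.
$org = Get-OrganizationConfig
$srv = Get-ExchangeServer -Identity $server
$checks['MitigationsEnabled (organization)'] = [bool]$org.MitigationsEnabled
$checks['MitigationsEnabled (server)']       = [bool]$srv.MitigationsEnabled

# Report each check, then list what EEM has applied or what was blocked by an admin.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize

$srv | Format-List Name, MitigationsApplied, MitigationsBlocked
```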
Links to the updates as well as a description of changes and fixes are described below. The Schema and AD columns indicate whether the CU contains schema (/PrepareSchema) and Active Directory (/PrepareAD) changes compared to the previous CU. Refer to the Exchange Schema page for schema and related versioning information.
5006980 Bad signature error using PerfView in Exchange Server 2019 and 2016 (KB5006980)
5006982 On-premises Exchange queues back up because of incorrect default value (KB5006982)
5006983 Exchange Server 2019 and 2016 certificates created during setup use SHA-1 hash (KB5006983)
5006984 PrepareAD fails if Computers container or RODCs are renamed or moved in Exchange Server 2019 and 2016 (KB5006984)
5006986 Opening an Outlook message from the desktop removes line spacing (KB5006986)
5006988 Export of .pst file is unexpectedly triggered again in Exchange Server 2019 and 2016 (KB5006988)
5006989 Accepted domains with wildcards for subdomains are not honored when Edge server maps AddressSpaces (KB5006989)
5006990 Exchange CU installation fails after you configure fallback to use default character set (5006990)
5006991 Mail quota warning messages no longer sent daily in Exchange Server 2019 (KB5006991)
5006992 No room lists found when trying to add a room in OWA in Exchange Server 2019 or 2016 (KB5006992)
5006993 Can’t log on to OWA in Chrome if SSL is offloaded in Exchange Server 2019 and 2016 (KB5006993)
5006994 BCC values not retained in Sent Items in a shared mailbox in Exchange Server 2019 and 2016 (5006994)
5006995 Korean email messages display some recipients incorrectly in Exchange Server 2019 and 2016 (KB5006995)
5006996 Export-AutoDiscoverConfig exposes admin password and does not work against domain controllers that require signing (KB5006997)
5006997 Korean messages in OWA display “From” as “Start date” after you filter the list in Exchange Server 2019 and 2016
5006999 “401” error and Outlook repeatedly prompts for credentials in Exchange Server 2019 (KB5006999)
5007042 Error window appears when you view features in OWA Virtual Directory (KB5007042)
5007043 Exchange Server SU updates Add/Remove Programs incorrectly (KB5007043)
5007044 Start-MailboxAssistant not available in EMS in Exchange Server 2019 (KB5007044)
Exchange 2016 CU22 fixes:
5006980 Bad signature error using PerfView in Exchange Server 2019 and 2016 (KB5006980)
5006982 On-premises Exchange queues back up because of incorrect default value (KB5006982)
5006983 Exchange Server 2019 and 2016 certificates created during setup use SHA-1 hash (KB5006983)
5006984 PrepareAD fails if Computers container or RODCs are renamed or moved in Exchange Server 2019 and 2016 (KB5006984)
5006986 Opening an Outlook message from the desktop removes line spacing (KB5006986)
5006988 Export of .pst file is unexpectedly triggered again in Exchange Server 2019 and 2016 (KB5006988)
5006989 Accepted domains with wildcards for subdomains are not honored when Edge server maps AddressSpaces (KB5006989)
5006992 No room lists found when trying to add a room in OWA in Exchange Server 2019 or 2016 (KB5006992)
5006993 Can’t log on to OWA in Chrome if SSL is offloaded in Exchange Server 2019 and 2016 (KB5006993)
5006994 BCC values not retained in Sent Items in a shared mailbox in Exchange Server 2019 and 2016 (5006994)
5006995 Korean email messages display some recipients incorrectly in Exchange Server 2019 and 2016 (KB5006995)
5006996 Export-AutoDiscoverConfig exposes admin password and does not work against domain controllers that require signing (KB5006997)
5006997 Korean messages in OWA display “From” as “Start date” after you filter the list in Exchange Server 2019 and 2016
5007042 Error window appears when you view features in OWA Virtual Directory (KB5007042)
5007043 Exchange Server SU updates Add/Remove Programs incorrectly (KB5007043)
Notes:
If these Cumulative Updates contain schema changes compared to the Cumulative Update you have deployed, you need to run Setup with /PrepareSchema. If they contain Active Directory changes, you need to run /PrepareAD. Alternatively, permissions permitting, you can let Setup perform this step. Consult the Exchange schema versions page for schema and related versioning information.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), support requires you to trail at most one version (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
Once upgraded, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The recommended upgrade order is internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
When looking at the MSRC information, you will notice 3 additional CVE issues addressed for July 13th. However, as far as I can see CVE-2021-34473, CVE-2021-34523 and CVE-2021-33766 were addressed in the April 2021 and eventually the May 2021 Security Updates, which also would explain MSRC’s mention of earlier CUs, such as Exchange 2019 CU8.
CVE-2021-33768 does not seem applicable to Exchange 2019 CU9 or Exchange 2016 CU20.
CVE-2021-34470 is only addressed in the security update for Exchange 2013 CU23.
More detailed information can be found at the original blog post here, which mentions some specific post-deployment instructions:
When running n-1 CU of Exchange 2019 (CU9) or Exchange 2016 (CU20), and you do not plan to upgrade to the latest CU yet but do wish to install this Security Update, you must also update the AD Schema using the CU10 or CU21 installation files.
When you are running Exchange 2013 CU23 in your organization, and no later Exchange builds are present, you need to deploy a schema update immediately after deploying the Security Update. After deploying the SU, from an elevated CMD prompt, run Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms from Exchange’s bin folder. If you need to separate the schema update from deploying the Security Update, see the end of the article for a tip.
The blog also mentions some issues, which are identical to the ones mentioned with the May 2021 Security Updates:
Accounts ending in ‘$’ cannot use EMS or access the ECP.
Cross-forest Free/Busy might stop working resulting in 400 Bad Request (solution).
Running cmdlets against EMC using invoked runspace might result in no-language mode error (info).
Be advised that these security updates are Cumulative Update level specific. You cannot apply the update for Exchange 2019 CU9 to Exchange 2019 CU8. Also, the security update download has the same name for different Cumulative Updates, and I would suggest tagging the file name with the CU level, e.g. Exchange2019-CU9-KBXXXXXX-x64-en.msp.
On another note, after deploying the security updates Exchange will start reporting its version number in the HTTP response header.
As a reminder, run the Security Update from an elevated command prompt to prevent issues during installation. In other words: do not just double-click the .MSP file. And on a final note, as with any patch or update, I’d recommend applying this in an acceptance environment first, prior to implementing it in production. However, when it concerns security updates, it is not recommended to wait for regular maintenance cycles; follow a more agile approach instead. The rating implies a form of urgency.
OWA/ECP and HMAC errors
There are reports of the Security Update breaking OWA/ECP. Symptoms are browsers displaying an HMAC error:
Server Error in '/owa' Application.
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Exchange.Diagnostics.ExAssertException: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
It is likely related to “Microsoft Exchange Server Auth Certificate”, which can be expired, invalid or for other reasons not being picked up. The reported solution is renewing the “Microsoft Exchange Server Auth Certificate”. This procedure can be found here. Do note that it may take an hour for the certificate to become effective. Meanwhile, you can check the comments in the original Exchange Team post, which is lively with feedback and responses.
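Before renewing anything, it helps to confirm that the Auth Certificate is actually the problem on each server. This is an added example, not code from the original post; the `$WarnDays` threshold is an arbitrary assumption.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Checks whether the certificate referenced by the auth configuration exists on
# every non-Edge server, and whether it is valid and not about to expire.
$WarnDays = 30   # assumption: warn when fewer than 30 days of validity remain

$auth  = Get-AuthConfig
$thumb = $auth.CurrentCertificateThumbprint
if (-not $thumb) {
    Write-Warning 'Auth configuration has no CurrentCertificateThumbprint set.'
    return
}

$servers = Get-ExchangeServer | Where-Object { "$($_.ServerRole)" -notmatch 'Edge' }

$report = foreach ($s in $servers) {
    $cert = Get-ExchangeCertificate -Server $s.Name -Thumbprint $thumb `
        -ErrorAction SilentlyContinue

    if (-not $cert) {
        # Certificate referenced by the auth configuration is not in this
        # server's store, so the server cannot pick it up.
        [pscustomobject]@{
            Server = $s.Name; Thumbprint = $thumb; NotAfter = $null
            DaysLeft = $null; Finding = 'MISSING on this server'
        }
        continue
    }

    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    $finding  = if ($daysLeft -lt 0)              { 'EXPIRED' }
                elseif ("$($cert.Status)" -ne 'Valid') { "INVALID ($($cert.Status))" }
                elseif ($daysLeft -lt $WarnDays)  { 'Expires soon' }
                else                              { 'OK' }

    [pscustomobject]@{
        Server = $s.Name; Thumbprint = $thumb; NotAfter = $cert.NotAfter
        DaysLeft = $daysLeft; Finding = $finding
    }
}

$report | Sort-Object Server | Format-Table -AutoSize

# A renewal that has been staged but is not yet effective shows up here.
$auth | Format-List CurrentCertificateThumbprint,
                    NextCertificateThumbprint,
                    NextCertificateEffectiveDate
```

A certificate that was renewed only minutes ago can still produce the HMAC error, since the post notes it may take an hour to become effective.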
Exchange 2013 CU23 SU & Schema Updating
With Exchange 2013 CU23, schema preparation needs to occur immediately after deploying the SU on (the first) Exchange 2013 CU23 server. A tip is to deploy the Exchange 2013 CU23 Management Tools on a workstation, install the SU on that workstation, and then run PrepareSchema from there before deploying the SU on any Exchange 2013 CU23 server.
This might also be helpful in multi-domain organizations, or organizations where AD and Exchange are managed by different teams or require separate changes. Note that performing the schema update this way requires the Visual C++ 2012 Runtime; otherwise you will run into an “Exchange Server setup didn’t complete the operation” error, and the ExchangeSetup.log will contain “Could not load file or assembly ‘Microsoft.Exchange.CabUtility.dll’”.
The Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 and Exchange 2016. Biggest change for both editions is support for Anti-Malware Scan Interface (AMSI) integration, available on Windows Server 2016 and Windows Server 2019. It allows real-time scanning of HTTP payloads, blocking known malicious content before it reaches Exchange.
Links to the updates as well as a description of changes and fixes are described below. The Schema and AD columns indicate whether the CU contains schema (/PrepareSchema) and Active Directory (/PrepareAD) changes compared to the previous CU.
5004612 Message body not displayed in OWA if the message was added in Outlook to a new mailbox
5004613 OutOfMemory exception when moving a public folder that has a large ICS sync state
5004614 Korean text is garbled in calendar invitation to a user with a Chinese display name
5004615 “InvalidOperationException” and Store Worker process crashes during mailbox move
5004616 Changing the email address in EAC doesn’t work in modern browsers
5004617 TLS 1.2 is not set as default after you install Exchange 2019 with Edge Transport role
5004618 MSExchangeMailboxAssistants 4999 Crash in ELCAssistant.InvokeInternalAssistant with System.NullReferenceException
5004619 Mailbox creation through ECP fails after installing Exchange Server 2019 or 2016 April update
5004622 “Cannot Send Mail – Your mailbox is full” error when you use iPhone mail to send very large attachments
5004623 PrepareADSchema required because of Active Directory schema change
Exchange 2016 CU21 fixes:
5004612 Message body not displayed in OWA if the message was added in Outlook to a new mailbox
5004613 OutOfMemory exception when moving a public folder that has a large ICS sync state
5004614 Korean text is garbled in calendar invitation to a user with a Chinese display name
5004615 “InvalidOperationException” and Store Worker process crashes during mailbox move
5004616 Changing the email address in EAC doesn’t work in modern browsers
5004618 MSExchangeMailboxAssistants 4999 Crash in ELCAssistant.InvokeInternalAssistant with System.NullReferenceException
5004619 Mailbox creation through ECP fails after installing Exchange Server 2019 or 2016 April update
5004622 “Cannot Send Mail – Your mailbox is full” error when you use iPhone mail to send very large attachments
5004623 PrepareADSchema required because of Active Directory schema change
5004629 No version updating after you install Exchange Server 2016
Notes:
If these Cumulative Updates contain schema changes compared to the Cumulative Update you have deployed, you need to run Setup with /PrepareSchema. If they contain Active Directory changes, you need to run /PrepareAD. Alternatively, permissions permitting, you can let Setup perform this step. Consult the Exchange schema versions page for version number comparison.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), support requires you to trail at most one version (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
Once upgraded, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The recommended upgrade order is internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
The Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016. Be advised that both of these CUs include the March security update KB5000871. Exchange 2016 will receive its final CU in March, 2021.
Links to the updates as well as a description of changes and fixes are described below. The Schema and AD columns indicate whether the CU contains schema (/PrepareSchema) and Active Directory (/PrepareAD) changes compared to the previous CU.
5001181 Certain search scenario can’t return expected result in Outlook online mode in Exchange Server 2019
5001182 Can’t use keyword “TMM” in a special pattern to search email in Exchange Server 2019
5001183 Attachment is treated as bad zip file on Edge Transport server in Exchange Server 2019 and 2016
5001184 EAC has no option to select the correct tenant for an Office 365 mailbox in Exchange Server 2019 and 2016
5001185 EAC has no option to select an archive domain for cloud-based archive in Exchange Server 2019 and 2016
5001186 Encoding of special characters isn’t preserved which causes missing text in Outlook in Exchange Server 2019 and 2016
5001188 Incorrect MRM properties stamped on mail item delivery when sending to multiple mailboxes on the same database in Exchange Server 2019 and 2016
5001189 Mailbox Audit log searches and Outlook both tied to MaxHitsForFullTextIndexSearches in Exchange Server 2019 and 2016
5001190 MonitoringGroup can’t control the placement of CAS monitoring mailboxes in Exchange Server 2019 and 2016
5001192 Microsoft Teams fails to show calendar because Autodiscover v2 isn’t site-aware in Exchange Server 2019 and 2016
5001193 New health mailboxes for databases are created every time Exchange Health Manager service is restarted
5001194 RFC certificate timestamp validation in Exchange Server 2019 and 2016
5001195 UPN specified when creating mailbox is overwritten automatically causing login failures in Exchange Server 2019 and 2016
5000631 Event IDs 1003, 1309 and 4999 are logged after installing Exchange Server 2019 CU8
4583558 PDF preview function in OWA leads to download action unexpectedly
Exchange 2016 CU20 fixes:
5001183 Attachment is treated as bad zip file on Edge Transport server in Exchange Server 2019 and 2016
5001184 EAC has no option to select the correct tenant for an Office 365 mailbox in Exchange Server 2019 and 2016
5001185 EAC has no option to select an archive domain for cloud-based archive in Exchange Server 2019 and 2016
5001186 Encoding of special characters isn’t preserved which causes missing text in Outlook in Exchange Server 2019 and 2016
5001188 Incorrect MRM properties stamped on mail item delivery when sending to multiple mailboxes on the same database in Exchange Server 2019 and 2016
5001189 Mailbox Audit log searches and Outlook both tied to MaxHitsForFullTextIndexSearches in Exchange Server 2019 and 2016
5001190 MonitoringGroup can’t control the placement of CAS monitoring mailboxes in Exchange Server 2019 and 2016
5001192 Microsoft Teams fails to show calendar due to Autodiscover v2 isn’t site aware in Exchange Server 2019 and 2016
5001193 New health mailboxes for databases are created every time Exchange Health Manager service is restarted
5001194 RFC certificate timestamp validation in Exchange Server 2019 and 2016
5001195 UPN specified when creating mailbox is overwritten automatically causing login failures in Exchange Server 2019 and 2016
4583558 PDF preview function in OWA leads to download action unexpectedly
Notes:
If these Cumulative Updates contain schema changes compared to the Cumulative Update you have deployed, you need to run Setup with /PrepareSchema. If they contain Active Directory changes, you need to run /PrepareAD. Alternatively, permissions permitting, you can let Setup perform this step. Consult the Exchange schema versions page for object version numbers.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), support requires you to trail at most one version (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
Once upgraded, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The recommended upgrade order is internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
The Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016. Be advised that Exchange 2016 will receive its final CU in March, 2021.
Links to the updates as well as a description of changes and fixes are described below.
4588297 Attachments can’t be downloaded or previewed from Outlook Web App
4583531 Design change about inline images will be forced to download but not open in a new tab of OWA in Exchange Server 2019
4583532 ELC MRM archiving fails due to DomainName in AuthServer in Exchange Server 2019
4583533 Exchange Server 2019 installation fails with error “The user has insufficient access rights”
4583534 Event ID 65535 System.Runtime.Serialization errors in Application log in Exchange Server 2019
4583535 New-Moverequest, Resume-Moverequest, and Remove-Moverequest not logged in Audit logs in Exchange Server 2019
4583536 Set-MailboxFolderPermission is included in Mail Recipient Creation in Exchange Server 2019
4583537 Update Korean word breaker in Exchange Server 2019
4583538 Microsoft Teams REST calls exceed the default value of maxQueryStringLength in Exchange Server 2019
4583539 Non-breaking space is visible in message body in Outlook in Exchange Server 2019
4583542 Server assisted search in Outlook doesn’t return more than 175 items in Exchange Server 2019
4583544 Lots of LDAP requests for FE MAPI w3wp lead to DDoS on DCs in Exchange Server 2019
4583545 Make DomainName in Authserver a multivalued parameter in Exchange Server 2019
4593465 Description of the security update for Microsoft Exchange Server 2019 and 2016: December 8, 2020
Exchange 2016 CU19 fixes:
4588297 Attachments can’t be downloaded or previewed from Outlook Web App
4583531 Design change about inline images will be forced to download but not open in a new tab of OWA in Exchange Server 2016
4583532 ELC MRM archiving fails due to DomainName in AuthServer in Exchange Server 2016
4583533 Exchange Server 2016 installation fails with error “The user has insufficient access rights”
4583534 Event ID 65535 System.Runtime.Serialization errors in Application log in Exchange Server 2016
4583535 New-Moverequest, Resume-Moverequest, and Remove-Moverequest not logged in Audit logs in Exchange Server 2016
4583536 Set-MailboxFolderPermission is included in Mail Recipient Creation in Exchange Server 2016
4583537 Update Korean word breaker in Exchange Server 2016
4583538 Microsoft Teams REST calls exceed the default value of maxQueryStringLength in Exchange Server 2016
4583539 Non-breaking space is visible in message body in Outlook in Exchange Server 2016
4583545 Make DomainName in Authserver a multivalued parameter in Exchange Server 2016
4593465 Description of the security update for Microsoft Exchange Server 2019 and 2016: December 8, 2020
Notes:
These Cumulative Updates contain schema changes compared to the previous Cumulative Update. This requires you to run /PrepareSchema. Also, Active Directory changes require you to run /PrepareAD (which can also perform the schema update, depending on permissions). Consult the Exchange schema versions page for object version numbers.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are allowed to trail at most one version (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The order of installation shouldn’t matter with the “every server is an island” concept, yet recommended is to upgrade internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
Be advised that these security updates are Cumulative Update level specific. You cannot apply the update for Exchange 2016 CU17 to Exchange 2016 CU16. Also, the security update download has the same name for different Cumulative Updates, and I would suggest tagging the file name with the CU level, e.g. Exchange2019-CU6-KB4588741-x64-en.msp.
Also, run the Security Update from an elevated command prompt to prevent issues during installation. And on a final note, as with any patch or update, I’d recommend applying this in an acceptance environment first, prior to implementing it in production.