Cumulative Update 2 for Exchange Server 2013 was re-released today. This re-release fixes a serious permission issue when moving modern public folders mailboxes around, as described by the Exchange team here. For more information on changes already incorporated in the original CU2, check the original post on CU2 here.
The part which might confuse some people is that they updated the version of the CU (like they did for some Rollups in the past) while keeping the knowledge base article KB2859928 and download link identical to the original CU2; only the version number has been increased a notch (15.0.712.24). When you download the file it will contain a v2 postfix, i.e. Exchange2013-KB2859928-x64-v2.exe, which is helpful for identification purposes.
Because of the “every server is an island” principle, you don’t need to stick to a certain order when implementing Exchange 2013 updates and in theory you can just update your Mailbox servers. However, be advised that Exchange 2013 security fixes – which are CU level bound as mentioned here and emphasized here – will be based on CU2v2, which means you ultimately must implement CU2v2 on all of your Exchange 2013 servers.
Note that CU2v2 is a full installation set. Before installing CU2v2, make sure to save customized OWA settings as the web.config files might get overwritten causing OWA to use default settings (see KB2871485).
As with any update, I’d recommend to thoroughly test this in a test and acceptance environment first (re-releases make a great business case), prior to implementing it in production.
You can download Exchange 2013 CU2 v2 here.