Exchange 2019 CU7 Exchange 2016 CU18

On September 15 Microsoft released two updates for their on-premises Exchange servers:

  • Exchange 2019 Cumulative Update 7
  • Exchange 2016 Cumulative Update 18

Note. This is the second-last Cumulative Update for Exchange 2016! As Microsoft has announced earlier, Exchange 2016 will be out of mainstream support this October. The last Cumulative Update is expected in December 2020.

Both updates contain security and nonsecurity updates, the recently released security update for Exchange 2016 and Exchange 2019 that addresses the CVE-2020-16875 vulnerability is also included in these CU’s.

Both updates also contain the latest Daylight Saving Time (DST) Updates.

There are no recent changes in Active Directory for Exchange, so if you are upgrading from Exchange 2019 CU2 (or later) to CU7 then there is no need to run prepare Active Directory (Setup.exe /PrepareSchema, Setup.exe /prepareAD and Setup.exe /prepareDomain). If for some reason the /PrepareAD is triggered, make sure you have sufficient permission to execute this command (member of the Enterprise Admins Security Group).

The same is true when upgrading from Exchange 2016 CU13 or later to Exchange 2016 CU18, there’s no need to run Setup.exe /PrepareSchema, Setup.exe /PrepareAD or Setup.exe /PrepareDomain.

Autodiscover EventID 1 can occur after installing Exchange 2019 CU3 or after installing Exchange 2016 CU14. I’ve blogged about this before on EventID 1 MSExchange Autodiscover. I am not sure if this still is the case 😉.


More information

CVE-2020-16875 Exchange Memory corruption vulnerability

Last week Microsoft released a Security Update for Exchange 2019 (CU5 and CU6) and Exchange 2016 (CU16 and CU17) that addresses the CVE-2020-16875 vulnerability.

It is recommended to test this update in your lab environment quickly and deploy them in production when no issues are found.

Download locations and KB articles can be found on my page under the Exchange 2019 or Exchange 2016 section.