Last September Microsoft released their quarterly Cumulative Updates for Exchange, Exchange 2016 CU18 and Exchange 2019 CU7. This was quickly followed by a security update, KB4581424 that addresses the CVE-2020-16969 Microsoft Exchange Information Disclosure vulnerability.
Unfortunately, the Exchange 2016 CU18 and Exchange 2019 CU7 contain a nasty bug. If you use OWA, open a shared mailbox and try to access an attachment, OWA redirects to Office 365 instead of the on-premises Exchange 2016/2019 server to download it. This happens in an hybrid environment, but also in a pure on-premises Exchange deployment without any Office 365 connection.
Microsoft is aware of this issue and it will be fixed in the next Cumulative Updates for Exchange 2016 and Exchange 2019. Looking at the quarterly cadence this should be by the end of this year.
If you have a Microsoft Premier support contract and this is an issue that impacts your business you can open a support ticket and request a fix for this. This service is available for Premier support customers only.
This fix is a replacement for the KB4581424 security update, as such it contains all the fixes in KB4581424, plus the OWA Attachment hotfix. If you are a Premier support customer and do have this fix available, make sure that you uninstall the KB4581424 first before installing this update. One workaround that I’ve seen in a newsgroup is not to open the Shared Mailbox as “Open another mailbox” but as “Add shared folder”. This should work also, but I have not tested it. I do have a customer with a Premier support contract, I can confirm the problem is fixed in the interim update.
On September 15 Microsoft released two updates for their on-premises Exchange servers:
Exchange 2019 Cumulative Update 7
Exchange 2016 Cumulative Update 18
Note. This is the second-last Cumulative Update for Exchange 2016! As Microsoft has announced earlier, Exchange 2016 will be out of mainstream support this October. The last Cumulative Update is expected in December 2020.
Both updates contain security and nonsecurity updates, the recently released security update for Exchange 2016 and Exchange 2019 that addresses the CVE-2020-16875 vulnerability is also included in these CU’s.
Both updates also contain the latest Daylight Saving Time (DST) Updates.
In earlier posts it was mentioned that no changes in Active Directory are introduced, so there was no need to run Setup with the /PrepareAD and /PrepareDomain option. However, when you check the Microsoft documentation you’ll notice that AD and Domain versions are increased, so this time there is a need to run /PrepareAD and /PrepareDomain. If you run the /PrepareAD, make sure you have sufficient permission to execute this command (member of the Enterprise Admins Security Group).
The same is true when upgrading for Exchange 2016. you must run Setup.exe /PrepareSchema, Setup.exe /PrepareAD or Setup.exe /PrepareDomain.
Autodiscover EventID 1 can occur after installing Exchange 2019 CU3 or after installing Exchange 2016 CU14. I’ve blogged about this before on EventID 1 MSExchange Autodiscover. I am not sure if this still is the case 😉.
Exchange 2019 CU7 is only available on the Volume License Service Center (VLSC)
Last week I had to upgrade a few Exchange 2013 CU15 servers to Exchange 2013 CU18. In a typical scenario upgrading to a newer Cumulative Update it’s not a big deal, not even when skipping a few versions, but in this scenario most likely you will hit the following error message:
It fails during the Prerequisite Analysis with the error message
Microsoft has released its quarterly updates for Exchange:
Exchange 2016 CU17.
Exchange 2013 CU18.
It has been quiet around these updates, and they do not bring a whole lot of features.
Important to note is that the minimum Forest Functional Level (FFL) has been raised to Windows Server 2008 R2. Personally I think this is an indication that more exciting stuff is along the way, especially around Exchange 2016 (my personal expectation, don’t shoot the messenger :-))
There are schema changes in Exchange 2016 CU7, so when installing this update you have to execute the following commands:
When it comes to the .NET Framework, Microsoft is working on a new .NET Framework release (version 4.7.1). The upcoming quarterly update of December 2018 will support this version of the .NET Framework.