Why Exchange Server updates matter

Published 04-26-2021 03:00 AM

It is very important to keep updating your Exchange Servers to a supported Cumulative Update (CU). Simply put, your on-premises environments should always be ready to take an emergency security update (this applies to Exchange, Windows, and other Microsoft products you use on-premises). One thing we learned during the March 2021 release of Exchange Server security updates is that many of our customers were not ready to install security updates because they were not on supported cumulative update versions. With the threat landscape rapidly evolving, the importance of keeping your environment current should not be underestimated.

Please keep your Exchange Servers up to date. We want to continue helping you keep your environment secure, and this means your Exchange servers need to be up to date. This is a continuous process.

Once your Exchange servers are running a supported CU, ensure that the latest available Security Update (SU) is also installed. This will help address any vulnerabilities found since the release of the supported CU. To find recently released Exchange Server SUs, go to the Security Update Guide (filter on Exchange Server under Product Family). Exchange Server security updates are cumulative (an update released in April will also contain security fixes released in March, for example). We also announce all major updates on our blog.

We have prepared a set of questions and answers that cover what we hear most often about Exchange updates. If you are running into a different set of challenges keeping your environment up to date, please let us know in comments below!

Q&A

I updated my Exchange Servers a few months ago! How come they are ‘not supported’ today?

For versions of Exchange that are within mainstream support (see product lifecycle), Microsoft supports (releases relevant security fixes for) the two latest CUs. Sometimes the latest two CUs are referred to as “N and N-1”. As a current example, if the latest released CU is CU9 (‘N’), and the server version is Exchange Server 2019, then Microsoft at this time supports two Exchange Server 2019 CUs, N and N-1 (CU9 and CU8). When CU10 is released, the “supported CU window” will slide toward the newly released CU10 (and what used to be the N-1 supported CU, CU8, will become unsupported).


Why does Microsoft release updates so often?

It is good that updates are released when issues are found. Microsoft (and other software vendors) release updates only when they are needed. CUs typically contain resolutions to feature problems that were reported to us by our customers (and can contain security updates from previous SUs) and are released quarterly. SUs are released only when actual security issues are found and fixed, and are typically released on a ‘patch Tuesday’. Here is an example of what a typical release flow for two CUs and two SUs might look like:

  • On a particular month (let’s say March), we might release CU4; CU4 is cumulative and will include fixes and updates from before.
  • A month later we release CU4 SU1, a security update for CU4.
  • In May we then release CU4 SU2, an additional security update for CU4. CU4 SU2 will include updates released in CU4 SU1 also.
  • In June we release CU5, which will contain all updates released up to that point.
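
The "N and N-1" window and the cumulative SU flow described above, worked through in PowerShell as an added example (it is not Microsoft's code and not the Health Checker script). The function name `Get-ExchangeUpdateReadiness`, the server names, and the SU numbers are assumptions constructed for illustration; only the CU8/CU9/CU10 window comes from the text.

```powershell
# Added example: classify servers against the supported-CU window (N and N-1)
# and the cumulative SU model. Function name and all sample data are constructed.

function Get-ExchangeUpdateReadiness {
    [CmdletBinding()]
    param(
        # Objects with Server, Product, CU and SU properties (SU = 0 means no SU installed).
        [Parameter(Mandatory)] [object[]]  $Inventory,
        # Product name -> number of the newest released CU ("N").
        [Parameter(Mandatory)] [hashtable] $LatestCU,
        # "Product/CU<n>" -> number of the newest SU released for that CU.
        [Parameter(Mandatory)] [hashtable] $LatestSU
    )

    foreach ($s in $Inventory) {
        if (-not $LatestCU.ContainsKey($s.Product)) {
            # Unknown product: report it instead of silently treating it as current.
            [pscustomobject]@{
                Server = $s.Server; CU = $s.CU; SU = $s.SU
                Supported = $false
                Action = 'Unknown product: check the product lifecycle'
            }
            continue
        }

        $n = [int]$LatestCU[$s.Product]
        # Only the two latest CUs receive security updates.
        $supported = ([int]$s.CU -ge ($n - 1))

        $key = '{0}/CU{1}' -f $s.Product, $s.CU
        $newestSU = if ($LatestSU.ContainsKey($key)) { [int]$LatestSU[$key] } else { 0 }

        $action = if (-not $supported) {
            # An emergency SU cannot be applied until a supported CU is installed.
            "Install CU$($n - 1) or CU$n first; SUs are released only for supported CUs"
        } elseif ([int]$s.SU -lt $newestSU) {
            # SUs are cumulative, so only the newest one for this CU is needed.
            "Install CU$($s.CU) SU$newestSU (cumulative, includes earlier SUs)"
        } else {
            'Current'
        }

        [pscustomobject]@{
            Server = $s.Server; CU = $s.CU; SU = $s.SU
            Supported = $supported
            Action = $action
        }
    }
}

# Constructed fleet: one server on N, one on N-1, one far behind.
$fleet = @(
    [pscustomobject]@{ Server = 'EX01'; Product = 'Exchange2019'; CU = 9; SU = 1 }
    [pscustomobject]@{ Server = 'EX02'; Product = 'Exchange2019'; CU = 8; SU = 1 }
    [pscustomobject]@{ Server = 'EX03'; Product = 'Exchange2019'; CU = 6; SU = 0 }
)

# Constructed SU history: SU1 exists for CU9, SU2 for CU8.
$suHistory = @{ 'Exchange2019/CU9' = 1; 'Exchange2019/CU8' = 2 }

# Window while CU9 is the latest CU: CU9 and CU8 are supported.
'--- Latest CU is CU9 ---'
Get-ExchangeUpdateReadiness -Inventory $fleet -LatestCU @{ Exchange2019 = 9 } -LatestSU $suHistory |
    Format-Table -AutoSize -Wrap

# Window after CU10 is released: it slides to CU10 and CU9, and CU8 drops out.
'--- Latest CU is CU10 ---'
Get-ExchangeUpdateReadiness -Inventory $fleet -LatestCU @{ Exchange2019 = 10 } -LatestSU $suHistory |
    Format-Table -AutoSize -Wrap
```

The second run shows the case the post warns about: a server that was one SU away from current becomes unable to take a security update at all once the window slides past its CU.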


My Exchange Servers are working as expected, so why update them?

While we appreciate the ‘don’t fix what is not broken’ thinking, the reality is that keeping Exchange Server current allows you to ensure that it will keep working without major interruptions to functionality. Investing some time into Exchange Server maintenance (on your planned schedule) will give you the long-term benefit of a well-running system, with code as protected from vulnerabilities as you can get it.

Updating Exchange Server seems complicated; what exactly do I do?

Think of updating Exchange Server in several stages:

  1. Take inventory: use the Exchange Server Health Checker script on GitHub to see if you are behind on your on-premises Exchange Server updates.
  2. Install updates: visit https://aka.ms/ExchangeUpdateWizard and choose your currently running CU and your target CU. Then click the “Tell me the steps” button, to get a list of steps to follow.
  3. Troubleshoot (if needed): follow the ExchangeUpdateWizard instructions and best practices for installation of updates carefully, including when to use an elevated command prompt. If you encounter errors during or after installation, see Repair failed installations of Exchange Cumulative and Security updates.

Why did Microsoft suddenly start releasing Exchange Server security updates?

Releasing security updates for Exchange Server is not new. Microsoft has been releasing Exchange Server updates on ‘patch Tuesday’ for years (when issues are found). Keeping up with these updates is a best practice.

How can I update Exchange Server when (insert 3rd party application name here) does not support either of the latest supported Exchange Server CUs?

Work with your 3rd party vendor to bring their software current in a timely manner. Consider that your Exchange environment contains a lot of valuable company directory and messaging information. Your priority should be to keep your environment as secure as possible.

How can we stay current when we are a 24x7 business and have no time to take our servers down for maintenance?

Many customers require Exchange Server to work 24x7. In fact, our update process is designed for these high-demand businesses. You should use Database Availability Groups (DAGs) and put servers that you are updating in Maintenance mode to enable a graceful and non-disruptive update process for your users. See Performing maintenance on DAG members for more information.

If we are in Hybrid mode and don’t actively use our on-premises Exchange Server, do we still need to stay current?

Even if you are only using Exchange Server on-premises to manage Exchange-related objects, you need to keep the server current. Note that the Hybrid Configuration Wizard (HCW) does not need to be re-run after updates are installed.

I looked at recent security update releases and the Common Vulnerabilities and Exposures (CVE) severity was not very high; so why update?

Microsoft recommends that you apply all available security updates because it can be difficult to understand how even lower severity vulnerabilities disclosed in one month might interact with vulnerabilities disclosed and fixed a month later. For example, an attack may trigger only specific low-impact functionality on a remote target machine and nothing else, causing the scoring for the CVE to be quite low one month. In the following month, an important issue with that functionality could be discovered, but it might be triggered only locally and require significant user interaction. That on its own might also not be scored highly. But if your software is behind in updates, these two issues could combine into an attack chain, thereby scoring at critical levels.

We find it difficult to update because Active Directory (AD) schema extensions and Exchange installations require different teams to take action.

In cases where different teams need to perform separate actions to prepare for installation of Exchange Cumulative Updates (as those might require AD schema extension), we recommend you request schema changes when we release new CUs that require them. Even if you do not need to update to the very latest CU (because the last two CUs are supported for Exchange versions that are still within support lifetime), the fact that the Active Directory schema will be up to date means that if you do find that you need to install the latest CU, the AD schema will already be updated. We release CUs quarterly and not all of them will require AD schema updates. You can track this here for Exchange 2016 and here for Exchange 2019.

The Exchange Team

10 Comments
New Contributor

Yes, it can be difficult and frustrating keeping MS Exchange up to date. The quarterly updates seem to come round so quickly.

In March and April, I was in the process of migrating from Exchange 2016 Hybrid to Exchange 2019 Hybrid, something that had been meticulously planned and scheduled. First there were the March CUs, then the March SUs and then the April SUs. All important updates that had to be promptly installed and tested, in the correct order. All this while deploying Exchange 2019 Hybrid and decommissioning Exchange 2016 Hybrid. I guess bad timing on my part, but all completed now. Hopefully things will be a bit quieter now, until the next round of CUs in June/July.

Microsoft

@sjhudson - other than the timing (which is something that cannot be fully predicted) - do you feel it is the release cadence (quarterly) that is the largest hurdle to keep up to date, in your opinion?

New Contributor

@Nino Bilic - The quarterly cadence is just fine (patch Tuesday is a different story :smiling_face_with_smiling_eyes:). The last few months have been unique with the sequential release of important Security Updates, in addition to the scheduled Cumulative Updates. Additionally, as a result of COVID, many of us are having to perform many Exchange maintenance and administration tasks remotely. I did of course perform the Exchange Hybrid installation and migration on-site!

Senior Member

I know that patching Exchange is really hard work and most of the time it works as expected, but the last 3 CUs (18-20) for Exchange 2016 opened one bug by another, leading to the misery we saw in March. Admins had to install buggy CUs to get protected against Hafnium attacks. Exchange admins are waiting for "clean" CUs... Quality Control should be alarmed, you are losing customers, not everyone is able / allowed to use Microsoft365 solutions...

Frequent Contributor

Dear @The_Exchange_Team @Nino Bilic please release Exchange Server 2019 for free to customers using it for Exchange Online hybrid or hybrid management purposes.

I see the need of this option for customers that want to stay current.

Current state:

Only Exchange Server 2016 is for free in this use case

Issues:

- Exchange Server 2016 is not supported on Server 2019 LTSC
- Exchange Server 2016 is in extended support
- Windows Server 2016 LTSC will be soon in Extended Support
- Windows Server 2016 does not contain .NET 4.8 by default, as required for latest Exchange Server 2016 CU
- Windows Server 2016 LTSC is known for very slow patching times and high downtimes for CBS applied patches. This issue will not be fixed. https://windowsserver.uservoice.com/forums/295047-general-feedback/suggestions/32121229-stop-the-win...

Solution:

- Windows Server 2019 LTSC is not affected by this. However only supports Exchange Server 2019
- the OS has much better security by default and better Defender capabilities

The only reason to keep up the Exchange Server 2016 offer (in addition) is to provide very slow upgrading companies to support Windows Server 2012 R2 OS for Exchange Server 2016 and also to support 2012 R2 FFL/DFL and so using 2012R2 Domain Controllers (not everything compatible is recommended).

Alternative:

Extend the free offer for this use case to Windows Server 2022 LTSC and Exchange Server 202x

Use case:

SMB customers that don't run DAG or Server Clustering, using Exchange 2016 for free as part of their Hybrid Exchange Online deployment or Exchange on-premises hybrid management

Thanks for your understanding and soon response to this dilemma.

Additional reasons:

Due to the March response we have seen customers that tried to apply latest Exchange CUs on outdated Server 2016 and caused issues which needed a full OS restore.

New Contributor

When these SU's fail to install - it's a nightmare. The rollback process leaves everything in an undesired state - services disabled, Etc. + sometimes with missing DLL files in the bin directory. It would be great if this process was a bit more trustworthy without having to cross your fingers hoping that it installs correctly without any issues. 

Senior Member

@The_Exchange_Team

Download link for EX2013 CU23 is broken.

Regards Steve

Frequent Visitor

Hi Team

My Exchange 2016 environment is still on CU12 and I want to upgrade to CU18.

However, CU18 required an AD update, whereas CU16 also required an AD update.

In such a case, do I need to perform the CU16 AD update first, followed by the CU18 AD update?

OR

Can I directly perform the CU18 AD update?

Please suggest.

Microsoft

@Yogi1 - please see https://aka.ms/exchangeupdatewizard - it will tell you exactly what needs to be done. :)

Microsoft

@Stefan Thoma - should be back now! Sorry about that!

C%20in%20the%20following%20month%20an%20important%20issue%20with%20that%20functionality%20could%20be%20discovered%2C%20but%20it%20might%20be%20only%20triggered%20locally%20and%20require%20significant%20user%20interaction.%20That%20on%20its%20own%20might%20also%20not%20be%20scored%20highly.%20But%20if%20your%20software%20is%20behind%20in%20updates%2C%20these%20two%20issues%20could%20combine%20into%20an%20attack%20chain%2C%20thereby%20scoring%20at%20critical%20levels.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-420788999%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-420789000%22%20id%3D%22toc-hId-419840577%22%3E%3CEM%3EWe%20find%20it%20difficult%20to%20update%20because%20Active%20Directory%20(AD)%20schema%20extensions%20and%20Exchange%20installations%20require%20different%20teams%20to%20take%20action.%3C%2FEM%3E%3C%2FH2%3E%0A%3CP%3EIn%20cases%20where%20different%20teams%20need%20to%20perform%20separate%20actions%20to%20prepare%20for%20installation%20of%20Exchange%20Cumulative%20Updates%20(as%20those%20might%20require%20AD%20schema%20extension)%20%E2%80%93%20we%20recommend%20you%20request%20schema%20changes%20when%20we%
20release%20new%20CUs%20that%20require%20them.%20Even%20if%20you%20do%20not%20need%20to%20update%20to%20the%20very%20latest%20CU%20(because%20last%20two%20CUs%20are%20supported%20for%20Exchange%20versions%20that%20are%20still%20within%20support%20lifetime)%20%E2%80%93%20the%20fact%20that%20Active%20Directory%20schema%20will%20be%20up%20to%20date%20means%20that%20if%20you%20%3CEM%3Edo%3C%2FEM%3E%20find%20that%20you%20need%20to%20install%20the%20latest%20CU%2C%20AD%20schema%20will%20already%20be%20updated.%20We%20release%20CUs%20quarterly%20and%20not%20all%20of%20them%20will%20require%20AD%20schema%20updates.%20You%20can%20track%20this%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fplan-and-deploy%2Factive-directory%2Fad-schema-changes%3Fview%3Dexchserver-2016%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%20for%20Exchange%202016%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fplan-and-deploy%2Factive-directory%2Fad-schema-changes%3Fview%3Dexchserver-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%20for%20Exchange%202019%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22author%22%3EThe%20Exchange%20Team%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2280770%22%20slang%3D%22en-US%22%3E%3CP%3EWhy%20does%20it%20matter%20if%20you%20keep%20your%20Exchange%20Server%20updated%2C%20or%20not%3F%20What%20does%20it%20mean%20to%20be%20on%20a%20'supported%20version'%20of%20Exchange%20Server%3F%20Read%20more%20in%20this%20post!%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2280770%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%202013%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%202016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%202019%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn%20premises%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ETips%20'n%20Tricks%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-
2291557%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2291557%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20it%20can%20be%20difficult%20and%20frustrating%20keeping%20MS%20Exchange%20up%20to%20date.%20The%20quarterly%20updates%20seem%20to%20come%20round%20so%20quickly.%3C%2FP%3E%3CP%3EIn%20March%20and%20April%2C%20I%20was%20in%20the%20process%20or%20migrating%20from%20Exchange%202016%20Hybrid%20to%20Exchange%202019%20Hybrid%2C%20something%20that%20had%20been%20meticulously%20planned%20and%20scheduled.%20First%20there%20was%20the%20March%20CUs%2C%20then%20the%20March%20SUs%20and%20then%20the%20April%20SUs.%20All%20important%20updates%20that%20had%20to%20be%20promptly%20installed%20and%20tested%2C%20in%20the%20correct%20order.%20All%20this%20while%20deploying%20Exchange%202019%20Hybrid%20and%20decommissioning%20Exchange%202016%20Hybrid.%20I%20guess%20bad%20timing%20on%20my%20part%2C%20but%20all%20completed%20now.%20Hopefully%20things%20will%20be%20a%20bit%20quieter%20now%2C%20until%20the%20next%20round%20of%20CUs%20in%20June%2FJuly.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2292041%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2292041%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F566935%22%20target%3D%22_blank%22%3E%40sjhudson%3C%2FA%3E%26nbsp%3B-%20other%20than%20the%20timing%20(which%20is%20something%20that%20cannot%20be%20fully%20predicted)%20-%20do%20you%20feel%20it%20is%20the%20release%20cadence%20(quarterly)%20that%20is%20the%20largest%20hurdle%20to%20keep%20up%20to%20date%2C%20in%20your%20opinion%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2292799%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body
-2292799%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3B-%20The%20quarterly%20cadence%20is%20just%20fine%20(patch%20Tuesday%20is%20a%20different%20story%20%3Asmiling_face_with_smiling_eyes%3A).%20The%20last%20few%20of%20months%20have%20been%20unique%20with%20the%20sequential%20release%20of%20important%20Security%20Updates%2C%20in%20addition%20to%20the%20scheduled%20Cumulative%20Updates.%20Additionally%2C%20as%20a%20result%20of%20COVID%2C%20many%20of%20us%20are%20having%20perform%20many%20Exchange%20maintenance%20and%20administration%20tasks%20remotely.%20I%20did%20of%20course%20perform%20the%20Exchange%20Hybrid%20installation%20and%20migration%20on-site!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2296217%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2296217%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EI%20know%2C%20that%20patching%20Exchange%20is%20really%20hard%20work%20and%20most%20of%20the%20time%20it%20works%20as%20expected%2C%20but%20the%20last%203%20CUs%20(18-20)%20for%20Exchange%202016%20opened%20one%20bug%20by%20another%2C%20leading%20to%20the%20misery%20we%20saw%20in%20March.%20Admins%20had%20to%20install%20buggy%20CUs%20to%20get%20protected%20against%20Hafnium%20attacks.%20ExchangeAdmins%20are%20waiting%20for%20%22clean%22%20CUs...%20QualityControl%20should%20be%20alarmed%2C%20you%20are%20loosing%20customers%2C%20not%20everyone%20is%20able%20%2F%20allowed%20to%20use%20Microsoft365%20solutions...%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2299693%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2299693%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microso
ft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5374%22%20target%3D%22_blank%22%3E%40Nino%20Bilic%3C%2FA%3E%26nbsp%3Bplease%20release%20Exchange%20Server%202019%20for%20free%20to%20customers%20using%20it%20for%20Exchange%20Online%20hybrid%20or%20hybrid%20management%20purposes.%3C%2FP%3E%3CP%3EI%20see%20the%20need%20of%20this%20option%20for%20customers%20that%20want%20to%20stay%20current.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrent%20state%3A%3C%2FP%3E%3CP%3EOnly%20Exchange%20Server%202016%20is%20for%20free%20in%20this%20usecase%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIssues%3A%3C%2FP%3E%3CP%3E-%20Exchange%20Server%202016%20is%20not%20supported%20on%20Server%202019%20LTSC%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Exchange%20Server%202016%20is%20in%20extended%20support%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Windows%20Server%202016%20LTSC%20will%20be%20soon%20in%20Extended%20Support%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-Windows%20Server%202016%20does%20not%20contain%20.net%204.8.%20By%20default%20as%20required%20for%20latest%20Exchange%20Server%202016%20CU%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-Windows%20Server%202016%20LTasc5%3CSPAN%3Eis%20known%20for%20very%20slow%20patching%20times%20and%20high%20downtimes%20for%20CBS%20applied%20patches.%20This%20issue%20will%20not%20be%20fixed.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwindowsserver.uservoice.com%2Fforums%2F295047-general-feedback%2Fsuggestions%2F32121229-stop-the-windows-update-madness-on-ws2016%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwindowsserver.uservoice.com%2Fforums%2F295047-general-feedback%2Fsuggestions%2F32121229-stop-the-windows-update-madness-on-ws2016%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3
E%26nbsp%3B%3C%2FP%3E%3CP%3ESolution%3A%3C%2FP%3E%3CP%3E-%20Windows%20Server%202019%20LTSC%20is%20not%20affected%20by%20this.%20However%20only%20supports%26nbsp%3B%3CSPAN%3EExchange%20Server%202019%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E-%20the%20OS%20has%20much%20better%20security%20by%20default%20and%20better%20Defender%20capabilities%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20reason%20to%20keep%20up%20the%20Exchange%20Server%202016%20offer%20(in%20addition)%20is%20to%20the%20provide%20very%20slow%20upgrading%20companies%20to%20support%20Windows%20Server%202012%20R2%20OS%20for%20Exchange%20Server%202016%20and%20also%20to%20support%202012%20R2%20FFL%2FDFL%20and%20so%20using%202012R2%20Domain%20Controllers%20(not%20everything%20compatible%20is%20recommended).%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlternative%3A%3C%2FP%3E%3CP%3EExtend%20the%20free%20offer%20for%20this%20usecase%20to%20Windows%20Server%202022%20LTSC%20and%20Exchange%20Server%20202x%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUsecase%3A%3C%2FP%3E%3CP%3ESMB%20customers%20that%20don't%20run%20DAG%20or%20Server%20Clustering%2C%20using%20Exchange%202016%20for%20free%20as%20part%20of%20their%20Hybrid%20Exchange%20Online%20deployment%20or%20Exchange%20On%3CSPAN%3Ep-remises%20hybrid%20management%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20understanding%20and%20soon%20response%20to%20this%20dilemma.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdditional%20reasons%3A%3C%2FP%3E%3CP%3EDue%20to%20the%20March%20response%20we%20have%20seen%20customers%20that%20tried%20to%20apply%20latest%20Exchange%20CUs%20on%20outdated%20Server%202016%20and%20caused%20issues%20which%20needed%20a%20full%20OS%20restore.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2311767%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-b
ody-2311767%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20these%20SU's%20fail%20to%20install%20-%20it's%20a%20nightmare.%20The%20rollback%20process%20leaves%20everything%20in%20an%20undesired%20state%20-%20services%20disabled%2C%20Etc.%20%2B%20sometimes%20with%20missing%20DLL%20files%20in%20the%20bin%20directory.%20It%20would%20be%20great%20if%20this%20process%20was%20a%20bit%20more%20trustworthy%20without%20having%20to%20cross%20your%20fingers%20hoping%20that%20it%20installs%20correctly%20without%20any%20issues.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2316358%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2316358%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDownload%20Link%20for%20EX2013%20CU23%20are%20broken.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%20Steve%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2318515%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2318515%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%3C%2FP%3E%3CP%3EMy%20Exchange%202016%20environment%20still%20on%20CU12%20and%20i%20want%20to%20upgrade%20to%20CU18%20.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3Ehowever%2C%20CU18%20required%20AD%20update%20where%20as%20CU16%20also%20required%20AD%20update.%3C%2FP%3E%3CP%3Ein%20such%20case%20%2C%20do%20in%20need%20to%20perform%20CU16%20AD%20update%20first%20followed%20by%20CU18%20AD%20update%3F%3C%2FP%3E%3CP%3EOR%3C%2FP%3E%3CP%3ECan%20i%20directly%20perform%20CU18%20AD%20update%2C%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPls%20suggest.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2319236%22%20slang%3D%22en-US%22%3ERe%3
A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2319236%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F380591%22%20target%3D%22_blank%22%3E%40Yogi1%3C%2FA%3E%26nbsp%3B-%20please%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fexchangeupdatewizard%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fexchangeupdatewizard%3C%2FA%3E%26nbsp%3B-%20it%20will%20tell%20you%20exactly%20what%20needs%20to%20be%20done.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2319260%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Exchange%20Server%20updates%20matter%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2319260%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F192887%22%20target%3D%22_blank%22%3E%40Stefan%20Thoma%3C%2FA%3E%26nbsp%3B-%20should%20be%20back%20now!%20Sorry%20about%20that!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update: Apr 22 2021 12:30 PM
Updated by: