SOLVED

Exchange 2016 Patch availability - can someone confirm that monthly patches are only for latest CU

%3CLINGO-SUB%20id%3D%22lingo-sub-893192%22%20slang%3D%22en-US%22%3EExchange%202016%20Patch%20availability%20-%20can%20someone%20confirm%20that%20monthly%20patches%20are%20only%20for%20latest%20CU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-893192%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20looking%20to%20upgrade%20an%20existing%20on%20premise%20Exchange%202010%20organisation%20to%20Exchange%202016.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReading%20the%20below%2C%20my%20highlight%20in%20bold%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fnam02.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252FExchange%252Fnew-features%252Fupdates%253Fredirectedfrom%253DMSDN%2526view%253Dexchserver-2016%26amp%3Bdata%3D02%257C01%257C%257C8a9c2e9c3b89440e5a4108d748bdcf86%257C84df9e7fe9f640afb435aaaaaaaaaaaa%257C1%257C0%257C637057852369848637%26amp%3Bsdata%3Dm4g8sftObnwJu4Ln6jplLgYUG2GjXzF9Tldd7S6czIg%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fnew-features%2Fupdates%3Fredirectedfrom%3DMSDN%26amp%3Bview%3Dexchserver-2016%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22Exchange%20follows%20a%20quarterly%20delivery%20model%20to%20release%20Cumulative%20Updates%20(CUs)%20that%20address%20customer-reported%20issues%20and%20to%20possibly%20add%20new%20functionality%20and%2For%20features.%20Critical%20product%20updates%20(packages%20that%20address%20a%20Microsoft-released%20security%20bulletin%20or%20contain%20a%20change%20in%20time%20zone%20definitions)%20are%20released%20as%20needed%20on%20a%20monthly%20basis%20for%20the%20%3CSTRONG%3Emost%20recently%20released%20CU%20and%20the%20preceding%20CU.%22%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhich%20suggests%20to%20us%20that%20if%20we%20deploy%20CU14%2C%20CU15%20will%20be%20released%20in%20December%20and%20CU16%20in%20March%202020%20%E2%80%93%20therefore%20after%20March%202020%20we%20will%20need%20to%20upgrade%20because%20after%20that%20date%20monthly%20patches%20will%20no%20longer%20be%20released%20for%20CU14.%20This%20even%20though%20we%20will%20have%20been%20applying%20the%20monthly%20patches.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBefore%20I%20set%20in%20place%20a%20process%20with%20our%20team%20that%20an%20update%20is%20required%20every%20quarter%2C%20can%20someone%20confirm%20that%20we%20are%20reading%20this%20correctly%20please%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-893192%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-893928%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%202016%20Patch%20availability%20-%20can%20someone%20confirm%20that%20monthly%20patches%20are%20only%20for%20latest%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-893928%22%20slang%3D%22en-US%22%3EWe%20only%20issue%20security%20patches%20for%20the%20current%20and%20previous%20CU.%20We%20also%20roll%20them%20in%20to%20the%20next%20CU.%20%3CBR%20%2F%3E%3CBR%20%2F%3EPut%20it%20another%20way%3A%20If%20you%20install%20with%20CU14%20and%20we%20have%20to%20issue%20a%20security%20patch%2C%20we'll%20release%20the%20patch%20for%20CU14%20and%20CU13.%20When%20CU15%20becomes%20available%20and%20if%20we%20have%20to%20issue%20a%20security%20patch%20we'll%20release%20it%20for%20CU15%20and%20CU14.%20%3CBR%20%2F%3E%3CBR%20%2F%3EA%20quarter%20later%20we%20release%20CU16%2C%20and%20again%2C%20some%20security%20issue.%20We%20will%20release%20security%20patches%20for%20CU16%20and%20CU15%20only.%20%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20are%20still%20on%20CU14%2C%20no%20patch%20for%20you.%20%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20you%20should%20always%20try%20to%20be%20current%2C%20or%20worst%20case%20be%20one%20CU%20behind%2C%20or%20you%20won't%20get%20security%20patches.%20%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that's%20clear%20enough.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-896503%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%202016%20Patch%20availability%20-%20can%20someone%20confirm%20that%20monthly%20patches%20are%20only%20for%20latest%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-896503%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20Greg%2C%3C%2FP%3E%3CP%3EThat%20confirms%20exactly%20how%20we%20read%20it%2C%20I%20was%20just%20hoping%20we%20had%20read%20it%20wrong%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

We are looking to upgrade an existing on premise Exchange 2010 organisation to Exchange 2016.

 

Reading the below, my highlight in bold

https://docs.microsoft.com/en-us/Exchange/new-features/updates?redirectedfrom=MSDN&view=exchserver-2...

 

"Exchange follows a quarterly delivery model to release Cumulative Updates (CUs) that address customer-reported issues and to possibly add new functionality and/or features. Critical product updates (packages that address a Microsoft-released security bulletin or contain a change in time zone definitions) are released as needed on a monthly basis for the most recently released CU and the preceding CU."

 

Which suggests to us that if we deploy CU14, CU15 will be released in December and CU16 in March 2020 – therefore after March 2020 we will need to upgrade because after that date monthly patches will no longer be released for CU14. This even though we will have been applying the monthly patches.

 

Before I set in place a process with our team that an update is required every quarter, can someone confirm that we are reading this correctly please?

 

Thanks in advance

 

2 Replies
Best Response confirmed by TwistNShout (New Contributor)
Solution
We only issue security patches for the current and previous CU. We also roll them in to the next CU.

Put it another way: If you install with CU14 and we have to issue a security patch, we'll release the patch for CU14 and CU13. When CU15 becomes available and if we have to issue a security patch we'll release it for CU15 and CU14.

A quarter later we release CU16, and again, some security issue. We will release security patches for CU16 and CU15 only.

If you are still on CU14, no patch for you.

So you should always try to be current, or worst case be one CU behind, or you won't get security patches.

Hope that's clear enough.

@Greg Taylor - EXCHANGE 

Thanks Greg,

That confirms exactly how we read it, I was just hoping we had read it wrong ;)