• Home
  • About
  • Blog
  • Training
  • Books
  • Contact
    • Email
    • Facebook
    • Twitter
    • RSS

Practical 365

  • Office 365
  • Exchange 2019
  • Exchange 2016
  • Exchange 2013
  • Hybrid
  • Certificates
  • PowerShell
  • Migration
You are here: Home / Blog / June 2018 Updates Released for Exchange Server

June 2018 Updates Released for Exchange Server

June 20, 2018 by Paul Cunningham 12 Comments

Microsoft has released the latest quarterly updated for Exchange Server 2016 and 2013, as well as an update rollup for Exchange 2010.

  • Exchange Server 2016 Cumulative Update 10 (KB4099852), Download, UM Lang Packs
  • Exchange Server 2013 Cumulative Update 21 (KB4099855), Download, UM Lang Packs
  • Exchange Server 2010 Update Rollup 22 (KB4295699), Download

Some notes to be aware of:

  • Exchange 2016 CU10 and Exchange 2013 CU21 require .NET Framework 4.7.1 be installed on the server before you install the CU. This requirement was called out as far back as September 2017. If you have a scenario where you can't see a path to upgrade .NET and Exchange while staying within supported combinations of the two, refer to this article for guidance.
  • The VC++ 2013 runtime is also a pre-requisite for the updates released this month to “provide current and future security updates for a third party component shipped with Exchange Server. The component provides WebReady Document Viewing in Exchange Server 2010 and 2013 and Data Loss Prevention in Exchange Server 2013 and 2016.”
  • Also included in these updates is a critical security patch for the Oracle Outside In libraries, which provide “WebReady Document Viewing in Exchange Server 2010 and 2013 and Data Loss Prevention in Exchange Server 2013 and 2016.” The update is described in MSRC advisory ADV180010. Microsoft has not allocated a severity rating to their advisory (currently it says “None”), but Oracle refers to it as a critical update in their advisory in April. It's unclear whether that is due to previous critical vulnerabilities patched in the code, or new ones disclosed in April.

Microsoft's normal practice is to release security updates separately to cumulative updates. In other words, a security update for a supported version of Exchange should always be available as a standalone update, and not require you to install an entire CU to receive the security update. This quarter they have not done that. The security update included in these quarterly updates is not available separately. Microsoft's statement on this matter is:

The Exchange team has previously stated they will not ship security fixes in a cumulative update not previously released separate from a cumulative update. That goal and official plan of record are unchanged. Shipping the updated third party components in a cumulative update was necessary to integrate a new version of the components and a new product dependency not previously required by Exchange in a manner customers are accustomed to with minimal disruption to the Windows Update process.

New Exchange 2016 and 2013 Cmdlets for Creating and Modifying Remote Shared Mailboxes

A long standing issue with managing shared mailboxes in hybrid environments has been the inability to manage shared mailboxes in Exchange Online by running on-premises Exchange cmdlets. For user mailboxes, the New-RemoteMailbox, Enable-RemoteMailbox, and Set-RemoteMailbox cmdlets can be used. But for shared mailboxes it was necessary to create the shared mailbox on-premises first, then migrate it to Exchange Online. Or alternatively, create the remote mailbox as a user mailbox in Exchange Online, and then convert it to a shared mailbox.

Quietly mentioned in the release notes for the cumulative updates released this quarter are updates to the *-RemoteMailbox cmdlets to add a -Shared parameter, enabling the management of remote shared mailboxes from the on-premises Exchange management shell.

To receive this update you must ensure that you prepare your Active Directory using the setup.exe file in Exchange 2016 CU10 or Exchange 2013 CU21.

1
C:\temp\exchangeCU\> setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

If you do not manually prepare AD then setup might not do the preparation automatically for you. This depends on which previous version of Exchange you're updating from. The safest approach is to manually prepare AD yourself to ensure that it is done.

Exchange Server 2013 Extended Support

Microsoft has included a note in this release that Exchange Server 2013 is now in the extended support phase of its lifecycle. Cumulative Update 21 is the last planned CU for Exchange Server 2013, so you must update to CU21 to continue to receive security updates, and for support in hybrid environments. Microsoft may at their discretion release future CUs if required for security or hybrid compatibility reasons.

Exchange Server 2010 Updates

Exchange 2010 SP3 UR22 adds support for Windows Server 2016 domain controllers. Prior to this update it was necessary to include pre-2016 domain controllers in AD sites where Exchange 2010 is running.

There are no restrictions to adding Windows Server 2016 domain controllers in forests where Exchange Server 2010 is deployed. Support for Active Directory Forest Functional Levels through Windows Server 2016 is included. Domain Controllers must be running Windows Server 2016 updates released through June 2018 to be supported. Customers are encouraged to remain current by applying monthly operating system quality updates.

UR22 also fixes an Exchange Web Services (EWS) impersonation issue for 2010/2016 co-existence environments.

Additional Information

  • Best Practices: Keeping Exchange Servers Updated
  • PSA: You Should Keep a Copy of Every Exchange Server Update
  • FAQ: In What Order Should You Install Service Packs, Update Rollups, and Cumulative Updates?
  • Guidance for Customers Running Outdate Exchange Server Cumulative Updates and .NET Framework Versions
  • Installing Cumulative Updates on Exchange Server 2016
  • Installing Cumulative Updates on Exchange Server 2013
Paul Cunningham

Paul is a Microsoft MVP for Office Apps and Services and a Pluralsight author. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server.

Blog Cumulative Updates, Exchange 2010, Exchange 2013, Exchange 2016, Security Updates, Update Rollups

Comments

  1. Amr says

    June 21, 2018 at 7:34 pm

    Hello, Should VC++ 2013 runtime be installed separately ? if yes should it be done before or after CU deployment? if no , is the package already included in the CU? thanks in advance.

    Reply
    • Paul Cunningham says

      June 21, 2018 at 9:44 pm

      It is a pre-requisite, which means it must be installed before the CU. It is not included in the CU.

      Reply
      • Amr says

        June 21, 2018 at 10:28 pm

        Awesome , thanks a lot for your prompt response.

        Reply
  2. Amit says

    June 22, 2018 at 10:55 pm

    I have Exchange 2010 SP3 RU18. I don’t have any product on my server using Oracle. Do, i still need to update to RU22.

    Reply
    • Paul Cunningham says

      June 23, 2018 at 10:04 am

      Yes. The Oracle library is used by Exchange, it’s part of the Exchange product and you won’t see it listed separately as installed software on the server, but it is there. So yes, you need to update to patch that vulnerable component.

      Reply
  3. prab says

    June 25, 2018 at 10:59 pm

    Hi Paul,

    I am preparing to update Exchange 2013 CU10 to CU 21. I would appreciate if you could point me the exact path to follow to update to CU21.

    Before CU21 was release, my plan was to:
    1. update to CU15
    2. update to .Net 4.6.2
    3. Install CU20
    4. update 4.7.1

    Thanks,

    Reply
    • Paul Cunningham says

      June 26, 2018 at 9:17 am

      Please read the links at the end of the article. They answer your question.

      Reply
  4. Stiliyan Stoychev says

    July 1, 2018 at 8:35 pm

    Thx Paul for this article!

    Reply
  5. Pete says

    July 1, 2018 at 9:52 pm

    Hey mate.
    Good reading. Thanks for sharing your knowledge.

    The link in your article seems to go to “Microsoft .NET Framework 4.7” (not version 4.7.1).
    Was wondering, is this a “link-o” or a “type-o”?

    Reply
    • Paul Cunningham says

      July 2, 2018 at 6:54 am

      Fixed, thank you.

      Reply
  6. Mark says

    July 3, 2018 at 6:05 am

    Any reports of significant problems or known issues after installing CU10 for Exchange 2016 in the wild? I haven’t seen any.

    Will be first time doing an Exchange CU update, so proceeding with caution.

    Is there a good ‘waiting’ time period before installing a CU update? (Outside of lab testing, etc.)

    Thanks for sharing this info!

    Reply

Leave a Reply Cancel reply

You have to agree to the comment policy.

Recent Articles

  • How to configure custom branding for Office 365 Message Encryption
  • The clock is ticking on Exchange Server 2010
  • How to licence Exchange Hybrid servers
  • How to use the Azure Content Moderator in Office 365
  • Hybrid Agent & Exchange Modern Hybrid now available as a public preview
Practical 365

Training Courses

  • Configuring and Managing Office 365 Security
  • Office 365 Admin Playbook
  • Exchange 2016 Exam 70-345
  • Managing Exchange Mailboxes and Distribution Groups in PowerShell
  • More Training Courses...

Recommended Resources

  • Office 365 Security Resources
  • Office 365 Books
  • Exchange Server Books
  • Exchange Server Migrations
  • Exchange Analyzer
  • Digicert SSL Certificates

About This Site

Practical 365 is a leading site for Office 365 and Exchange Server news, tips and tutorials. Read more...
  • Email
  • Facebook
  • Twitter
  • RSS

Copyright © 2019 Quadrotech Solutions AG · Disclosure · Privacy Policy
Alpenstrasse 15, 6304 Zug, Switzerland

We are an Authorized DigiCert™ SSL Partner.