Today, the Exchange Team released the March updates for Exchange Server 2013 and 2016, as well as Exchange Server 2010 and 2007. The latter will receive its last update, as Exchange 2007 will reach end-of-life April 11, 2017.
As announced in December updates, Exchange 2013 CU16 and Exchange 2016 CU5 require .NET 4.6.2. The recommended upgrade paths:
- If you are still on .NET 4.6.1, you can upgrade to .NET 4.6.2 prior of after installing the latest Cumulative Update.
- If you are on .NET 4.52, upgrade to Exchange 2016 CU4 or Exchange 2013 CU15 if you are not already on that level, then upgrade to .NET 4.6.2, and finally upgrade to the the latest Cumulative Update.
The Cumulative Updates also include DST changes, which is also contained in the latest Rollups published for Exchange 2010 and 2007.
For a list of fixes in these updates, see below.
Exchange 2016 CU5 fixes:
- KB4015665 SyncDelivery logging folders and files are created in wrong location in Exchange Server 2016
- KB4015664 A category name that has different case-sensitivity than an existing name is not created in Exchange Server 2016
- KB4015663 “The message content has become corrupted” exception when email contains a UUE-encoded attachment in Exchange Server 2016
- KB4015662 Deleted inline picture is displayed as attachment after you switch the message to plain text in Exchange Server 2016
- KB4015213 Email is still sent to Inbox when the sender is deleted from the Trusted Contacts list in Exchange Server 2016
- KB4013606 Search fails on Exchange Server 2016 or Exchange Server 2013
- KB4012994 PostalAddressIndex element isn’t returning the correct value in Exchange Server 2016
Exchange 2013 CU16 fixes:
- KB4013606 Search fails on Exchange Server 2016 or Exchange Server 2013
Exchange 2016 CU5 doesn’t include schema changes, however, Exchange 2016 CU5 as well as Exchange 2013 CU16 may introduce RBAC changes in your environment. Where applicable, use setup /PrepareSchema to update the schema or /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers. To verify this step has been performed, consult the Exchange schema overview.
When upgrading your Exchange 2013 or 2016 installation, don’t forget to put the server in maintenance mode when required. Do note that upgrading, before installing the Exchange binaries, setup will put the server in server-wide offline-mode.
Using Windows Management Framework (WMF)/PowerShell version 5 on anything earlier than Windows Server 2016 is not supported. Don’t install WMF5 on your Exchange servers running on Windows Server 2012 R2 or earlier.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are allowed to stay at least one version behind (n-1).
- If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
- Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates.
- Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
- The order of upgrading servers with Cumulative Updates is irrelevant.
Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
– A new Outlook on the web compose experience
– Support for .Net 4.6.2
– Change to Pre-Requisites installed by Setup
– Update on Windows Server 2016 support KB3206632
– Latest time zone updates
– Important Public Folder fix included in these releases
Exchange Server 2016 Cumulative Update 4 (KB3177106), Download, UM Lang Packs
Exchange Server 2013 Cumulative Update 15 (KB3197044), Download, UM Lang Packs
Exchange Server 2010 Service Pack 3 Update Rollup 16 (KB3184730), Download
Exchange Server 2007 Service Pack 3 Update Rollup 22 (KB3184712), Download
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In Libraries that are built into Exchange Server. This issue might occur if an attacker sends an email message with a specially crafted attachment to a vulnerable Exchange Server computer. To learn more about this vulnerability, see Microsoft Security Bulletin MS16-108.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions.
- 3184736 MS16-108: Description of the security update for Exchange Server 2016 and Exchange Server 2013: September 13, 2016
- 3184728 MS16-108: Update Rollup 15 for Exchange Server 2010 Service Pack 3: September 13, 2016
- 3184711 MS16-108: Update Rollup 21 for Exchange Server 2007 Service Pack 3: September 13, 2016
.Net 4.6.1 Support
Support for .Net 4.6.1 is now available for Exchange Server 2016 and 2013 with these updates. We fully support customers upgrading servers running 4.5.2 to 4.6.1 without removing Exchange. We recommend that customers apply Exchange Server 2016 Cumulative Update 2 or Exchange Server 2013 Cumulative Update 13 before upgrading .Net FrameWork. Servers should be placed in maintenance mode during the upgrade as you would do when applying a Cumulative Update. Support for .Net 4.6.1 requires the following post release fixes for .Net as well.
Note: .Net 4.6.1 installation replaces the existing 4.5.2 installation. If you attempt to roll back the .Net 4.6.1 update, you will need to install .Net 4.5.2 again.
AutoReseed Support for BitLocker
Beginning with Exchange 2013 CU13 and Exchange 2016 CU2, the Disk Reclaimer function within AutoReseed supports BitLocker. By default, this feature is disabled. For more information on how to enable this functionality, please seeEnabling BitLocker on Exchange Servers.
SHA-2 Support for Self-Signed Certificates
The New-ExchangeCertificate cmdlet has been updated to produce a SHA-2 certificate for all self-signed certificates created by Exchange. Creating a SHA-2 certificate is the default behaviour for the cmdlet. Existing certificates will not automatically be regenerated but newly installed servers will receive SHA-2 certificates by default. Customers may opt to replace existing non-SHA2 certificates generated by previous releases as they see fit.
Migration to Modern Public Folder Resolved
The issue reported in KB3161916 has been resolved.
This cumulative update fixes the following issues:
This cumulative update also fixes the issues that are described in the KB 3160339 MS16-079: Security update for Microsoft Exchange: June 14, 2016 and KB 3134844 Cumulative Update 1 for Exchange Server 2016
Microsoft Knowledge Base articles.
This update also includes new daylight saving time (DST) updates for Exchange Server 2016. For more information about DST, go to Daylight Saving Time Help and Support Center.
Exchange Analyzer is a PowerShell tool that scans an Exchange Server 2013 or 2016 organization and reports on compliance with best practices.
Exchange Analyzer is a community project, and is currently a beta release seeking feedback and results from real world environments.
To read the latest information about Exchange Analyzer click here to visit the project’s ReadMe on Github. More information can also be found in the Exchange Analyzer Wiki.
1. Download the latest Zip file
2. Extract or copy the following files and folders to a computer that has the Exchange 2013 or 2016 management shell installed. For example, place all of the files and folders in a C:\Scripts\ExchangeAnalyzer folder.
3. Copy the folders in the \Modules folder to C:\Windows\System32\WindowsPowerShell\v1.0\Modules\
4. Open a new Exchange Management Shell
Important Note: if you are updating your copy of Exchange Analyzer please make sure you copy the updated module in step 3.
Running Exchange Analyzer
To run the Exchange Analyzer open an Exchange management shell, navigate to the folder with the script files (e.g. C:\Scripts\ExchangeAnalyzer) and run:
Exchange Analyzer produces a HTML report with a simple “Passed/Failed” indicator and a list of passed and/or failed objects. Links to more info are provided to assist you with further interpretation of the report.
Feedback and Questions
Before submitting feedback or questions please review the Exchange Analyzer FAQ.
You can help with bug fixes by submitting issues on Github. If you would like to contribute fixes or other code please review theExchange Analyzer Wiki.
You can also send email to email@example.com.
14/01/2016 – v0.1.0-Beta.1
- First public beta release
28/01/2016 – v0.1.1-Beta.2
- Second beta release. Details of changes are here.
This security update resolves a vulnerability in Microsoft Exchange Server that could allow information disclosure if Outlook Web Access (OWA) doesn’t handle web requests, sanitize user input and email content correctly.
To learn more about the vulnerability, see Microsoft Security Bulletin MS16-010.
Microsoft Exchange Server 2013 Service Pack 1 (3124557)
Microsoft Exchange Server 2013 Cumulative Update 10 (3124557)
Microsoft Exchange Server 2013 Cumulative Update 11 (3124557)
Microsoft Exchange Server 2016 (3124557)