Lucene search

K
mskbMicrosoftKB4571788
HistoryFeb 09, 2021 - 8:00 a.m.

Cumulative Update 18 for Exchange Server 2016

2021-02-0908:00:00
Microsoft
support.microsoft.com
104

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.506 Medium

EPSS

Percentile

97.5%

Cumulative Update 18 for Exchange Server 2016

Cumulative Update 18 for Microsoft Exchange Server 2016 was released on September 15, 2020. This cumulative update includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be included in later cumulative updates for Exchange Server 2016. This update also resolves a vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2020-16875.This update also includes new daylight saving time (DST) updates for Exchange Server 2016. For more information about DST, see Daylight Saving Time Help and Support Center.

Known issues in this cumulative update

  • In multidomain Active Directory forests in which Exchange is installed or has been prepared previously by using the /PrepareDomain option in Setup, this action must be completed after the**/PrepareADcommand for this cumulative update has been completed and the changes are replicated to all domains. Setup will try to run the/PrepareAD** command during the first server installation. Installation will finish only if the user who initiated Setup has the appropriate permissions.
    • About the /PrepareDomain operation in multidomain:

The /PrepareDomain operation automatically runs in the Active Directory domain in which the**/PrepareAD command is run. However, it may be unable to update other domains in the forest. Therefore, a domain administrator should run the/PrepareDomain** in other domains in the forest.
* About the permission question:

As the /PrepareAD is triggered in Setup, if the user who initiates Setup isn’t a member of Schema Admins and Enterprise Admins, the readiness check will fail and you receive the following error messages.

the Active Directory schema isn't up-to-date error

To avoid the errors, either the user should join Schema Admins and Enterprise Admins groups or another user in Schema Admins and Enterprise Admins groups manually runs the /PrepareAD for this Cumulative Update first. Then the Exchange admin user can start Setup.

  • Autodiscover Event ID 1 occurs after you install Cumulative Update 14 for Exchange Server 2016. For more information, see KB 4532190.
  • Starting from Exchange Server 2016 CU17, in some cases you might see the string “&nbsp” in the body of an item that has been moved between folders or mailboxes using Outlook in Online Mode.

Issues that this cumulative update fixes

This cumulative update fixes the issues that are described in the following Microsoft Knowledge Base articles:

  • 4570248 Get-CASMailbox uses wrong LDAP filter for ECPEnabled in Exchange Server 2016
  • 4570252 Intermittent poison messages due to NotInBagPropertyErrorException in Exchange Server 2016
  • 4576649 System.InvalidCastException when you change passwords in Outlook on the web in Exchange Server 2016
  • 4570251 Inbox rule applying a personal tag doesn’t stamp RetentionDate in Exchange Server 2016
  • 4570245 ESEUtil /p fails if any long value (LV) is corrupted in Exchange Server 2016
  • 4570255 NullReferenceException occurs when you run TestFederationTrust in Exchange Server 2016
  • 4576650 Can’t add remote mailbox when setting email forwarding in Exchange Server 2016 Hybrid environment
  • 4570253 CompletedWithErrors without details for mailbox migration batches in Exchange Server 2016
  • 4570247 CSV log of Discovery export fails to properly escape target path field in Exchange Server 2016
  • 4570246 EdgeTransport crashes with Event ID 1000 (exception code 0xc00000fd) in Exchange Server 2016
  • 4570254 MSExchangeMapiMailboxAppPool causes prolonged 100% CPU in Exchange Server 2016
  • 4563416 Can’t view Online user free/busy status in Exchange Server 2016
  • 4576651 Can’t join Teams meetings from Surface Hub devices after installing Exchange Server 2016 CU16
  • 4577352 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020

Get Cumulative Update 18 for Exchange Server 2016

Download Center

DownloadDownload Cumulative Update 18 for Exchange Server 2016 (KB4571788) nowDownloadDownload Exchange Server 2016 CU18 UM Language Packs nowNotes

  • The Cumulative Update 18 package can be used to run a new installation of Exchange Server 2016 or to upgrade an existing Exchange Server 2016 installation to Cumulative Update 18.
  • You don’t have to install any previously released Exchange Server 2016 cumulative updates or service packs before you install Cumulative Update 18.

Cumulative update information

Prerequisites

This cumulative update requires Microsoft .NET Framework 4.8. A component that’s used within Exchange Server requires a new Visual C++ component to be installed together with Exchange Server. This prerequisite can be downloaded at Visual C++ Redistributable Packages for Visual Studio 2013. For more information, see KB 4295081.For more information about the prerequisites to set up Exchange Server 2016, see Exchange 2016 prerequisites.

Restart requirement

You may have to restart the computer after you apply this cumulative update package.

Registry information

You don’t have to make any changes to the registry after you apply this cumulative update package.

Removal information

After you install this cumulative update package, you can’t uninstall the package to revert to an earlier version of Exchange Server 2016. If you uninstall this cumulative update package, Exchange Server 2016 is removed from the server.

File information

File hash information

File name SHA1 hash SHA256 hash
ExchangeServer2016-x64-cu18.iso 2AD6C38683824718751EAE97BCABF292D9638436 A10EC45C74C2E65E76FE03C8AAD4960CBE331629ED4D6C9592E18183AF662EBC

More information

For more information about the deployment of Exchange Server 2016, see Release notes for Exchange 2016.

For more information about the coexistence of Exchange Server 2016 and earlier versions of Exchange Server in the same environment, see Exchange 2016 system requirements.

For more information about other Exchange updates, see Exchange Server Updates: Build numbers and release dates.

References

Learn about the terminology that Microsoft uses to describe software updates.

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.506 Medium

EPSS

Percentile

97.5%