Feb 13, 2024 - 8:00 a.m.

Cumulative Update 14 for Exchange Server 2019 (KB5035606)

2024-02-13 08:00:00
Microsoft
support.microsoft.com
47
exchange server 2019
security fixes
dst updates
extended protection
.net framework 4.8.1

CVSS3: 9.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10 (Confidence: High)

EPSS: 0.088 (Percentile: 94.7%)

Important: This regularly scheduled cumulative update contains all the security fixes of the security updates in February and previous security updates.

Cumulative Update 14 for Microsoft Exchange Server 2019 was released on February 13, 2024. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be included in later cumulative updates for Exchange Server 2019.

This update also includes:

  • New daylight saving time (DST) updates for Exchange Server 2019. For more information about DST, see Daylight Saving Time Help and Support Center.
  • Extended Protection enabled by default for Exchange Server 2019. For more information about Extended Protection, see Configure Windows Extended Protection in Exchange Server. For more information about prerequisites for enabling or disabling Extended Protection, see CU14 Announcement blog post.
  • Support for .NET Framework 4.8.1 on Microsoft Windows Server 2022.

This update resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

  • Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2024-21410

Issues that this cumulative update fixes

This cumulative update also fixes the issues that are described in the following Microsoft Knowledge Base articles:

  • 5035439 BlockModernAuth does not respond in AuthenticationPolicy
  • 5035442 Exchange Mitigation Service does not log incremental updates
  • 5035443 Read receipts are returned if ActiveSyncSuppressReadReceipt is “True” in Exchange Server 2019
  • 5035444 System.argumentnullexception when you try to run an eDiscovery search
  • 5035446 OAB shadow distribution fails if legacy authorization is blocked
  • 5035448 MCDB fails and leads to lagged copy activation
  • 5035450 Exchange 2019 setup installs an outdated JQuery library
  • 5035452 Usernames are not displayed in Event ID 23 and 258
  • 5035453 Issues in Exchange or Teams when you try to delegate information
  • 5035455 MSExchangeIS stops responding and returns “System.NullReferenceExceptions” multiple times per day
  • 5035456 “Deserialization blocked at location HaRpcError” error and Exchange replication stops responding
  • 5035493 FIP-FS Proxy Customizations are disabled after a CU or an SU update
  • 5035494 Modern attachment doesn’t work when web proxy is used in Exchange Server 2019
  • 5035495 OWA displays junk operations even if junk mail reporting is disabled
  • 5035497 Edit permissions option in the ECP can’t be edited
  • 5035542 Remote equipment and room mailboxes can now be managed through EAC
  • 5035616 Logon events failure after updating Windows Server
  • 5035617 Transport rules aren’t applied to multipart or alternative messages
  • 5035689 “High %Time in GC” and EWS doesn’t respond

Known issues in this cumulative update

  • When Setup.exe is used to run /PrepareAD, /PrepareSchema or /PrepareDomain, the installer reports that Extended Protection was configured by the installer, and it displays the following error message:

Exchange Setup has enabled Extended Protection on all the virtual directories on this machine.

  • RecoverServer fails and returns multiple “Cannot convert null to type” error messages. For more information and a workaround, see “Cannot convert null to type” error and Exchange 2019 CU14 RecoverServer fails.

Get Cumulative Update 14 for Exchange Server 2019

Method 1: Volume Licensing Center

  • To get Cumulative Update 14 for Exchange Server 2019, go to Microsoft Volume Licensing Center.

Note: The Cumulative Update 14 package can be used to run a new installation of Exchange Server 2019 or to upgrade an existing Exchange Server 2019 installation to Cumulative Update 14.

Method 2: Microsoft Download Center

  • You can get the standalone update package through the Microsoft Download Center.

Microsoft Exchange Server 2019 Cumulative Update 14 - Download the package now

Cumulative update information

Prerequisites

This cumulative update requires Microsoft .NET Framework 4.8. A component that’s used within Exchange Server requires a new Visual C++ component to be installed together with Exchange Server. This prerequisite can be downloaded at Visual C++ Redistributable Package for Visual Studio 2012. For more information about the prerequisites to set up Exchange Server 2019, see Exchange 2019 prerequisites.

Restart requirement

You might have to restart the computer after you apply this cumulative update package.

Registry information

You don’t have to make any changes to the registry after you apply this cumulative update package.

Removal information

After you install this cumulative update package, you can’t uninstall the package to revert to an earlier version of Exchange Server 2019. If you uninstall this cumulative update package, Exchange Server 2019 is removed from the server.

File information

File hash information

File name SHA256 hash
ExchangeServer2019-x64-cu14.iso 5A645313CF9662A12A32B48D0DE1BFDE70D93B61BD849059E1A9F27CC6ECA981
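
A pre-installation integrity check for the downloaded ISO, added here as an example (it is not part of the Microsoft article): it compares the file's SHA256 with the hash published above, then mounts the image and checks the Authenticode signature on Setup.exe. The download path, the function name Test-Cu14Iso, and the assumption that Setup.exe sits at the root of the ISO are illustrative.

```powershell
# Added example: verify the CU14 ISO before running Setup.exe.
# $IsoPath is an assumed download location; adjust it to your environment.
param(
    [string]$IsoPath = 'C:\Install\ExchangeServer2019-x64-cu14.iso'
)

# Hash published in the "File hash information" table of this article.
$ExpectedSha256 = '5A645313CF9662A12A32B48D0DE1BFDE70D93B61BD849059E1A9F27CC6ECA981'

function Test-Cu14Iso {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "ISO not found: $Path"
    }

    # Step 1: hash check. Stop before mounting anything that does not match.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ine $Expected) {
        throw "SHA256 mismatch for $Path. Expected $Expected, got $actual."
    }

    # Step 2: mount the image and check the installer's signature.
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $image = Mount-DiskImage -ImagePath $fullPath -Access ReadOnly -PassThru
    try {
        $drive = ($image | Get-Volume).DriveLetter
        if (-not $drive) { throw "Mounted image has no drive letter." }

        # Assumption: Setup.exe is at the root of the ISO.
        $sig = Get-AuthenticodeSignature -FilePath "${drive}:\Setup.exe"
        if ($sig.Status -ne 'Valid') {
            throw "Setup.exe signature status is '$($sig.Status)', expected 'Valid'."
        }

        [pscustomobject]@{
            Path            = $fullPath
            Sha256          = $actual
            Signer          = $sig.SignerCertificate.Subject
            SignatureStatus = $sig.Status
        }
    }
    finally {
        # Always dismount, whether or not the checks passed.
        Dismount-DiskImage -ImagePath $fullPath | Out-Null
    }
}

Test-Cu14Iso -Path $IsoPath -Expected $ExpectedSha256
```

Run it from an elevated PowerShell session on the server that holds the download; review the reported Signer value before starting the upgrade.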

More information

For more information about the deployment of Exchange Server 2019, see Release notes for Exchange Server 2019.

For more information about the coexistence of Exchange Server 2019 and earlier versions of Exchange Server in the same environment, see Exchange Server 2019 system requirements.

For more information about other Exchange updates, see Exchange Server Updates: Build numbers and release dates.

References

Learn about the terminology that Microsoft uses to describe software updates.
