Spring has sprung, and so have the latest quarterly updates for Exchange. April 2016 brings us updates for now four separate versions of Microsoft Exchange, and we’re here with what you need to know for each.
Still in support, though also what most would consider an N-3 platform, Exchange 2007 Service Pack 3 Update Rollup 19 is the latest RU for this venerable platform. There’s not a lot in this rollup other than an updated S/MIME control for OWA that includes SHA-2 signed code. Since SHA-1 is now considered unacceptable in the industry, updating to SHA-2 is smart. Users who use S/MIME in OWA will need to reinstall the S/MIME control in their browser to use the newly signed code. You can read about RU19 here and download it from here.
Exchange 2010 Service Pack 3 RU 13 brings two minor changes to Exchange. The first is as above with Exchange 2007; a newly signed S/MIME control using SHA-2. The second is great news for customers moving to Office 365, as this RU includes a new Hybrid Configuration Wizard. You can read about RU13 here and download it from here.
Exchange 2013 Cumulative Update 12 fixes several issues in Exchange 2013. These include bug fixes for EAC issues, ActiveSync issues, a bug that can crash a server if a null value exists in the X-OriginatorOrg header, issues with POP and IMAP, some performance issues, and interaction with Office 365. There is not a schema update required for this CU. You can read about RU13 here and download it from here.
For many, March was the month when Exchange 2016 is finally started to be considered “mainstream” because it has finally gotten its own Cumulative Update. Exchange 2016 Cumulative Update 1 includes a small number of fixes for 2016 including ActiveSync and Edge Transport bugs, a problem with quotas, and a welcome change – web.config will no longer be overwritten when you update so it will preserve any customizations you’ve made. There is a schema update required for this CU, so plan accordingly. You can read about RU13 here and download it from here.
What’s not been fixed
.Net Framework 4.6.1 is still not on the list for Exchange, so if you are wanting up patch this, you still need to wait. The Exchange team blog assures customers that they are working on the issue, but have not resolved it yet. The next CU for Exchange 2013 and 2016 may have this, but Microsoft is not committing to that, stating only “Support for .Net 4.6.1 is planned for future Cumulative Updates for Exchange Server 2013 and 2016.”
As with all updates, you should test in your lab before deploying to production. And as with all updates for Exchange, your Exchange servers will make outbound calls over TCP 80 to validate the code-signing certificates used for these updates. Don’t bypass that or block it, as the former reduces security and the latter just makes everything take longer. While customers in hybrid coexistence with Office 365 are required to maintain their on-prem Exchange servers at N or N-1, all customers are encouraged to keep their Exchange servers fully patched and up to date. Given the mission-critical nature of email to most businesses today, it’s hard to imagine a sysadmin not wanting to patch, so make sure you set aside time to test, and then to patch, your Exchange org as quickly as you can.