J003-Content-Exchange-2013-CU9_SQExchange 2013 admins should be pleased to know that the latest cumulative update for Exchange 2013, CU9, has been released. Made available on June 16, admins can download this CU from http://www.microsoft.com/downloads/details.aspx?FamilyID=2a53a863-4cc8-46df-8e9d-04ef87b5439d.

Weighing in at 1.6 GB, this can be used to update existing Exchange 2013 installs or used to deploy a new server from scratch. Here’s the highlights of this latest CU.

It’s called a cumulative update, because it is!

Remember that you can use a CU to update any earlier version of Exchange 2013… they are cumulative. You can take a base install of 2013 RTM and update it with this, or you can update any Exchange 2013 server running any CU.

Even so, don’t take that to mean you can skip CUs

Please remember that CUs are patches, and include both bug fixes and security updates. Just because you can update a server from RTM to CU9, don’t take that to mean it’s cool to skip CUs. Ideally, you should be at N, or at worst, N-1. This will keep you in supported territory, and it also means you aren’t running code that may have publicly known and actively exploited vulnerabilities!

If you’re on CU8, you really want this CU!

CU8 and SP1 both have a security vulnerability, listed as MS15-064, which can lead to an escalation of privilege. CU9 resolves this, so while N-1 may be supported, N is the place to be.

Yes, you will have to reboot

Sorry to those of you who like to try to do stuff during the day. Unless you have full redundancy and DAGs and you want to fail users over to another server, you will be deploying this CU after hours since a reboot is required. Of course, if your Exchange server reboots faster than users’ workstations… no, better not try that one!

Will I need to update my schema?

If you are already running CU6 or earlier, then yes. If you already updated your schema when you deployed CU7 or CU8 then you are good to go!

Test before you deploy

A CU cannot be uninstalled. Attempting to do so removes Exchange from the server, so as with every patch and update, you should test this in the lab before you deploy it in production!

Installation order

Look at deploying this CU like any other update to Exchange. Start at the edge and work your way back in, so you will patch Edge Transport first, then CAS, then Mailbox servers.

There are 24 other fixes in this CU

Here’s the full list, along with links to KB articles, on what is fixed in CU9 other than MS15-064.

Additionally, this update resolves the issues that are described in the following Microsoft Knowledge Base articles:

Once again, don’t forget to first test before you deploy. After that, submit your change requests and get approval, perform full backups, and most importantly, plan to get all of your servers on the same CU as quickly as you can. While it is supported to be on different CUs between different roles, as long as you are no further back than N-1, best practices are to keep all your Exchange servers on the same version. So, get to testing, and then get to patching. Have fun!