J003-Content-Quarterly-Updates-for-Exchange_SQJust in time for summer holidays, BBQs, and fireworks, Microsoft has released the latest series of Cumulative Updates for Exchange 2016 and 2013, as well as Update Rollups for Exchange 2010 and 2007. If you’re like me, and are looking forward to taking some time off soon, you may want to get these applied before you start your holiday. Here’s what you need to know.

Exchange 2016 CU 2

For starters, this will require an update to your Active Directory schema, so plan accordingly. You will need to run setup with both /prepareschema and /preparead switches.

Hooray! We can all finally update our .NET Framework, as this CU supports .NET 4.6.1. You want to patch Exchange, and the underlying operating system, before you apply the .NET update. Use this link to get Cumulative Update 2 for Exchange Server 2016 (KB3135742) and then apply it as normal; Edge, then CAS, then Mailbox roles. Then patch your operating system with the appropriate update as follows-

Then you can apply the update to the .NET Framework from here.

CU2 also updates Exchange with the latest global changes to Daylight Saving Time, and addresses issues with Exchange 2016 CU1, including the following.

This CU also introduces support for SHA-2 self-signed certificates, though you really should always and only use certificates from a third-party CA to minimize client challenges, and resolves an issue when migrating Public Folders. Office 365 customers should always be on the latest CU, but if you are not and have Public Folder migration in your future, note that a risk of dataloss occurs if you are not on at least this CU.

Remember too that this is the full Exchange 2016 install with CU2, so use this download to replace any media you are using to build new servers.

Exchange 2013 CU 13

Exchange 2013 CU13 does not update the schema, but does revise RBAC roles, so while you won’t need to /prepareschema you will need to /preparead when first running setup.

This too brings the ability to update the .NET Framework. As with Exchange 2016 CU2, you want to patch Exchange, and the underlying operating system, before you apply the .NET update. Use this link to get Exchange Server 2013 Cumulative Update 13 and then apply it as normal; Edge, then CAS, then Transport, then Mailbox roles. Then patch your operating system with the appropriate update as follows-

Then you can apply the update to the .NET Framework from here.

Exchange 2013 CU 13 also contains DST updates, and addresses the following additional issues-

And just as with Exchange 2016, use this download as the source for any additional Exchange 2013 servers you may build, as it is both an update to existing and full install media for new servers.

Exchange 2010 RU 14

Before we go any further, remember that Exchange 2010 is now in Extended Support. If you aren’t already starting to plan for its eventual retirement from your organization, it’s time you start. Since 2010 is in Extended Support, RU 14 will only add security updates since the last RU since there will be no more bug fixes or feature adds/improvements/updates. You can download it by clicking this link-Update Rollup 14 for Exchange Server 2010 Service Pack 3 (KB3151097).

Exchange 2007 RU 20

In case you missed it, Exchange 2007 has less than a year to go before it hits End of Life. By now you should be well on your way to retiring it from your environment. But if you still have it in the field, then RU20 should be applied to all of your 2007 servers, as it too contains security fixes. Download and apply Update Rollup 20 for Exchange Server 2007 Service Pack 3 (KB3151086) which resolves the security issue detailed in MS16-079.

As with all patching, test these in your lab before applying them in production to assure you don’t have any issues with third-party plugins, custom configurations, or anything else. But do apply them, as security updates are included in all four, and you want to keep in a supported state! With less than a year to go on 2007, and 2010 with less than four years, it’s definitely time to start looking at 2013 or 2016 if you haven’t already! Don’t wait until the last month to do this, as anything you look to do is going to take longer than that to complete.