Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 12, 2019

Applies to: Exchange Server 2019Exchange Server 2016Exchange Server 2013

This update rollup is a security update that resolves vulnerabilities in Microsoft Exchange. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

Known issues in this security update

  • When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.

    When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working.

    This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

    To avoid this issue, follow these steps to manually install this security update:

    1. Select Start, and type cmd.
    2. In the results, right-click Command Prompt, and then select Run as administrator.
    3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
    4. Type the full path of the .msp file, and then press Enter.

    This issue does not occur when you install the update through Microsoft Update.

  • Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to their usual state.

    To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.

How to get and install the update

Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center.

More information

Security update deployment information

For deployment information about this update, see security update deployment information: November 12, 2019

Security update replacement information

This security update replaces the following previously released updates:

File information

File hash information

Update name File name SHA1 hash SHA256 hash
Exchange Server 2019 Cumulative Update 3 Exchange2019-KB4523171-x64-en 5EC82254762FF0DF59CA43757D5EF22F7BCB7BC6 306FE4515F8D11F30676ED6BE5ACE5AC0C33B7F4DB42C084465C45FE0045CBC0
Exchange Server 2019 Cumulative Update 2 Exchange2019-KB4523171-x64-en 30F6EFA8A893DB7F0F3902E50289476309C12BF9 F974B4CBA38944C9051A80FE9A70A3A2228D36657B456B2B4894DA1DA8CE269B
Exchange Server 2016 Cumulative Update 14 Exchange2016-KB4523171-x64-en A1C28BC89EFB8D92F110D36DE41E6E0B81236DCD 3DC567A5F4940EB0A277603515F69D19BBC1EA489F21EC4F18F44CCBE2BF2665
Exchange Server 2016 Cumulative Update 13 Exchange2016-KB4523171-x64-en 5BD3CD441C1EFF5BA6AE4B7460C5EF774ADD1803 819927C3E63D31A84DD8289BEFE2DC99E02D989CC91C7C4D353B0B3A97605F1C
Exchange Server 2013 Cumulative Update 23 Exchange2013-KB4523171-x64-en 073BA1692FB968F7C977E137219798E70925DAF8 F0AEDC7E71D91B83DA45461E5DB0756DB85A8F9B5B7E84C56C89625C59185BBF

Exchange server file information

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

How to get help and support for this security update

Help for installing updates: Protect yourself online

Help for protecting your Windows-based computer from viruses and malware: Microsoft Security

Local support according to your country: International Support