This update rollup is included in a security update. This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is running Exchange Server. To learn more about these vulnerabilities, see the following Microsoft security advisories:
- Microsoft Common Vulnerabilities and Exposures CVE-2018-0924
- Microsoft Common Vulnerabilities and Exposures CVE-2018-0940
This update also includes new daylight saving time (DST) updates for Exchange Server 2010 Service Pack 3. For more information about DST, see Daylight Saving Time Help and Support Center.
Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state. To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.
In addition, the fix for KB4054456 caused an issue in which EWS impersonation may no longer work when you try to access resource mailboxes in a different site. This issue will be fixed in a future update in Exchange Server 2010 Service Pack 3.
How to get and install the update
Method 1: Microsoft Update
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the stand-alone update package through the Microsoft Download Center.
Update detail information
Learn more about how to install the latest update rollup for Exchange Server 2010.
The required services are restarted automatically after you apply this update rollup.
To remove Update Rollup 20 for Exchange Server 2010 SP3, use the Add or Remove Programs item in Control Panel to remove update 4073537.
Installing this update on a DBCS version of Windows Server 2012
You can't install or uninstall Update Rollup 19 for Exchange Server 2010 SP3 on a double-byte character set (DBCS) version of Windows Server 2012 if the language preference for non-Unicode programs is set to the default language. To work around this issue, you must first change this setting. To do this, follow these steps:
- In Control Panel, select Clock, Region and Language, select Region, and then select Administrative.
- In the Language for non-Unicode programs area, select Change system locale.
- On the Current system locale list, select English (United States), and then select OK.
After you successfully install or uninstall Update Rollup 19, revert this language setting as appropriate.
Security update deployment information
For deployment information about this update, see security update deployment information: March 13, 2018.
File hash information
|Package name||Package hash SHA 1||Package hash SHA 2|
The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.