Update Rollup 20 for Exchange Server 2010 Service Pack 3

Applies to: Exchange Server 2010 Service Pack 3


This update rollup is included in a security update. This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is running Exchange Server. To learn more about these vulnerabilities, see the following Microsoft security advisories:

This update also includes new daylight saving time (DST) updates for Exchange Server 2010 Service Pack 3. For more information about DST, see Daylight Saving Time Help and Support Center.

Known issues

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state. To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.

In addition, the fix for KB4054456 caused an issue in which EWS impersonation may no longer work when you try to access resource mailboxes in a different site. This issue will be fixed in a future update in Exchange Server 2010 Service Pack 3.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center.

Download icon
Download Update Rollup 20 for Exchange Server 2010 SP3 (KB4073537)

Update detail information

Installation instructions

Learn more about how to install the latest update rollup for Exchange Server 2010.

Also learn about the following update installation scenarios.

Restart requirement

The required services are restarted automatically after you apply this update rollup.

Removal information

To remove Update Rollup 20 for Exchange Server 2010 SP3, use the Add or Remove Programs item in Control Panel to remove update 4073537. 

More Information

Installing this update on a DBCS version of Windows Server 2012

You can't install or uninstall Update Rollup 19 for Exchange Server 2010 SP3 on a double-byte character set (DBCS) version of Windows Server 2012 if the language preference for non-Unicode programs is set to the default language. To work around this issue, you must first change this setting. To do this, follow these steps:

  1. In Control Panel, select Clock, Region and Language, select Region, and then select Administrative.
  2. In the Language for non-Unicode programs area, select Change system locale.
  3. On the Current system locale list, select English (United States), and then select OK.

After you successfully install or uninstall Update Rollup 19, revert this language setting as appropriate.

Security update deployment information

For deployment information about this update, see security update deployment information: March 13, 2018

File hash information

Package name Package hash SHA 1 Package hash SHA 2
Exchange2010-KB4073537-x64-en.msp A29B9F0598D74C072D1D9D8113F9AF46CFA21428 C72D9E53497F20376611346EE84E9C703C2A139FB5BF4CF2866533B8F4520301

File information

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

How to get help and support for this security update

Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support