Description of the security update for Microsoft Exchange Server 2013 and 2016: August 14, 2018

Applies to: Exchange Server 2010 EnterpriseExchange Server 2013 EnterpriseExchange Server 2016 Enterprise Edition


This security update resolves vulnerabilities in Microsoft Exchange. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE): 

Known issues in this security update

When you try to manually install this security update in "normal mode" (not running the update as an operating system administrator) by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

To avoid this issue, follow these steps to manually install this security update:

  1. Select Start, select All Programs, and then select Accessories.
  2. Right-click Command prompt, and then select Run as administrator.
  3. If the User Account Control dialog box appears, confirm that the default action is the action that you want, and then select Continue.
  4. Type the full path of the .msp file, and then press Enter.

This issue does not occur when you install the update from Microsoft Update.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

Security update deployment information

For deployment information about this update, see security update deployment information: August 14, 2018

File information

File hash information

File name SHA1 hash SHA256 hash
CU10_Exchange2016-KB4340731-x64-en.msp 688D16E8BA77EC42795537CD34D2BD50AF2CF7A8 8D02B993D3FA288F00CF129F5D01AAEA4F7242F59580777787E9EBD9DC20F637
CU20_Exchange2013-KB4340731-x64-en.msp 09088D28C97599284945166703819286405F7D37 F3BCD4AD48F310B0AEB78C94760C9394E8662F98741813C4B19586B7A5314824
CU21_Exchange2013-KB4340731-x64-en.msp BC5BE218768397B9B97815E439672EEE0D55D6F2 D0B38A5E912DF2A68D7D5946B87D9B8494A952743DE1503EABD673D8D3641A72
CU9_Exchange2016-KB4340731-x64-en.msp ED171D2C29FD8C48F09CF5D6D810F6FC95D4FDA8 1708882D2D2E9220BCC745286B10FC4A111220777142B3CDD0BBD7A42CABDB6A

Exchange server file information

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

How to get help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support