Description of the security update for Microsoft Exchange Server 2013 and 2016: October 9, 2018

Applies to: Exchange Server 2016Exchange Server 2013


This security update resolves vulnerabilities in Microsoft Exchange. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

Known issues in this security update

When you try to manually install this security update in "normal mode" (not running the update as an operating system administrator) by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

To avoid this issue, follow these steps to manually install this security update:

  1. Select Start, select All Programs, and then select Accessories.
  2. Right-click Command prompt, and then select Run as administrator.
  3. If the User Account Control dialog box appears, confirm that the default action is the action that you want, and then select Continue.
  4. Type the full path of the .msp file, and then press Enter.

This issue does not occur when you install the update from Microsoft Update.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center.

Security update deployment information

For deployment information about this update, see security update deployment information: October 9, 2018

File information

File hash information

File name SHA1 hash SHA256 hash
CU10_Exchange2016-KB4459266-x64-en.msp BB34C900277EFB9C1FAE05AC594151B4D455B4DE 3819AFF4CA9333442EA4985966299A87583F6F74BFFDCF79A5DA8CCCC25679D2
CU9-Exchange2016-KB4459266-x64-en.msp 5EF7424C703C1E07483DFF468DA71160CA1F775D 8D12724D15801505ABFF8DDB0BB4A2C17B76836233B2CF6E0271F0C9132ADF8E
Exchange2013-KB4459266-x64-en.msp 7C6F4A6656F21296B8EF2470EEC7C8BE63CB58CE 6FEA92FFB5F98341BA9641E3B7852D5FAC680852286467ADADCCC7E4E15292AF


Exchange server file information

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

How to get help and support for this security update

Help for installing updates: Windows Update: FAQ

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support