Cumulative Update 12 for Microsoft Exchange Server 2016 was released on February 12, 2019. This cumulative update is a security update. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be included in later cumulative updates for Exchange Server 2016. This update provides a security advisory in Microsoft Exchange. For more information, see Security Advisory ADV190004. It also resolves some vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0686 and Microsoft Common Vulnerabilities and Exposures CVE-2019-0724.
This update also includes new daylight saving time (DST) updates for Exchange Server 2016. For more information about DST, see Daylight Saving Time Help and Support Center.
Known issues in this cumulative update
- After you install Cumulative Update 12 for Exchange Server 2016, the Accept button disappears in the invitation email message of a shared calendar in Microsoft Outlook on the web client (previously known as Outlook Web App). Therefore, you cannot add the shared calendar by clicking the Accept button directly. To work around this issue, you can use one of the following methods:
- Open the invitation from the Notifications pane in Outlook on the web.
- Add the shared calendar manually in Outlook on the web. For more information, see How to open a shared calendar from an Outlook sharing invitation.
Open the invitation in Outlook, and then add the shared calendar.
- In multidomain Active Directory forests in which Exchange is installed or has been prepared previously by using the /PrepareDomain option in SETUP, this action must be completed after the /PrepareAD command for this cumulative update has been completed and the changes are replicated to all domains. Setup will try to execute the /PrepareAD command during the first server installation. Installation will finish only if the user who initiated SETUP has the appropriate permissions.
Issues that this cumulative update fixes
This cumulative update fixes the issues that are described in the following Microsoft Knowledge Base articles:
- 4487596 Emails are blocked in moderator mailbox Outbox folder when you send large volumes of emails in Exchange Server 2016
- 4456241 You receive a meeting request that has a "not supported calendar message.ics" attachment in Exchange Server 2016
- 4456239 New-MailboxRepairRequest doesn't honor RBAC RecipientWriteScope restrictions in Exchange Server 2016
- 4487591 The recipient scope setting doesn't work for sibling domains when including OUs in the scope in Exchange Server 2016
- 4468363 MRM does not work for mailboxes that have an online archive mailbox in Exchange Server
- 4487603 "The action cannot be completed" error when you select many recipients in the Address Book of Outlook in Exchange Server 2016
- 4487602 Outlook for Mac users can still expand a distribution group when hideDLMembership is set to true in Exchange Server 2016
- 4488076 Outlook on the Web can't be loaded when users use an invalid Windows language in operating system in Exchange Server 2016
- 4488079 Exchange Server 2016 allows adding Exchange Server 2019 mailbox server into a same DAG and vice versa
- 4488077 Can't configure voice mail options when user is in different domain in Exchange Server 2016
- 4488263 X-MS-Exchange-Organization-BCC header isn't encoded correctly in Exchange Server 2016
- 4488080 New-MigrationBatch doesn't honor RBAC management scope in Exchange Server 2016
- 4488262 Delivery Reports exception when tracking a meeting request that's sent with a room resource in Exchange Server 2016
- 4488268 Disable the irrelevant Query logs that're created in Exchange Server 2016
- 4488267 Test-OAuthConnectivity always fails when Exchange Server uses proxy to connect to Internet in Exchange Server 2016
- 4488266 Client application doesn't honor EwsAllowList in Exchange Server 2016
- 4488265 "There are problems with the signature" error occurs for digital signature message if attachment filtering is enabled in Exchange Server 2016
- 4488264 Mailbox that has a bad move request can't be cleaned up from destination mailbox database in Exchange Server 2016
- 4488261 Event ID 1002 when the store worker process crashes in Exchange Server 2016
- 4488260 New-MailboxExportRequest and New-MailboxImportRequest don't honor RBAC management scope in Exchange Server 2016
- 4488259 MailTip shows wrong number of users for a distribution group if the users are in different domains in Exchange Server 2016
- 4488258 OAuth authentication is removed when saving MAPI virtual directory settings in EAC in Exchange Server 2016
- 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
- 4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model
Get Cumulative Update 12 for Exchange Server 2016
- The Cumulative Update 12 package can be used to run a new installation of Exchange Server 2016 or to upgrade an existing Exchange Server 2016 installation to Cumulative Update 12.
- You don't have to install any previously released Exchange Server 2016 cumulative updates or service packs before you install Cumulative Update 12.
Cumulative update information
This cumulative update requires Microsoft .NET Framework 4.7.1.
A component that's used within Exchange Server requires a new Visual C++ component to be installed together with Exchange Server. This prerequisite can be downloaded at Visual C++ Redistributable Packages for Visual Studio 2013. For more information, see KB 4295081.
For more information about the prerequisites for the setup of Exchange Server 2016, see Exchange 2016 prerequisites.
Security update deployment information
For deployment information about this update, see security update deployment information: February 12, 2019.
You may have to restart the computer after you apply this cumulative update package.
You don't have to make any changes to the registry after you apply this cumulative update package.
After you install this cumulative update package, you can't uninstall the package to revert to an earlier version of Exchange Server 2016. If you uninstall this cumulative update package, Exchange Server 2016 is removed from the server.
For more information about the deployment of Exchange Server 2016, see Release notes for Exchange 2016.
For more information about the coexistence of Exchange Server 2016 and earlier versions of Exchange Server in the same environment, see Exchange 2016 system requirements.
For more information about other Exchange updates, see Exchange Server Updates: Build numbers and release dates.
File hash information
|File name||SHA1 hash||SHA256 hash|