Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 9, 2019

Applies to: Exchange Server 2013Exchange Server 2016Exchange Server 2019

Summary


This update rollup is a security update. This security update resolves vulnerabilities in Microsoft Exchange. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

Known issues in this security update


  • When you try to manually install this security update by double-clicking the update file (.msp) to run it in "normal mode" (that is, not as an administrator), some files are not correctly updated.

    When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

    To avoid this issue, follow these steps to manually install this security update:

    1. Select Start, and type cmd.
    2. In the results, right-click Command Prompt, and then select Run as administrator.
    3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
    4. Type the full path of the .msp file, and then press Enter.

    This issue does not occur when you install the update from Microsoft Update.

  • Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state. To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated command prompt, see Start a Command Prompt as an Administrator.

How to get and install the update


Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center.

More information


Security update deployment information

For deployment information about this update, see security update deployment information: April 9, 2019

Security update replacement information

This security update replaces the following previously released update:

File information


File hash information

Update Name File name SHA1 hash SHA256 hash
Exchange Server 2013 Cumulative Update 22 Exchange2013-KB4487563-x64-en.msp C6C056DDE0FAA6148E7C763B18341214A5C258B1 CBD78A247D4F04D7ACF153637A5C613A40D89EAFAE6C7264B75AFDE412B5327A
Exchange Server 2016 Cumulative Update 11 Exchange2016-KB4487563-x64-en.msp 1851F4986C2365B177CC46E09F6E77BC370086CC 8FA3BD22C18278CCD05DB01B24EEC1C32EB62BE5F7851FD1605B687FEDEC35BD
Exchange Server 2016 Cumulative Update 12 Exchange2016-KB4487563-x64-en.msp F72AB94A8F0FED80737A51D012A1926D0343A2F9 8AE4ABB44B32E93CEB6B36BCD2CF00BBC7DA46A44153A7775BDC7FAC9E09359B
Exchange Server 2019 Exchange2019-KB4487563-x64-en.msp EF35871FAE9CB1812D7CDE9D275366FD874210D6 63190DFED5D4B734C636480246F447150C6A5CD88BAC8C4B4307ABC76DA35B30
Exchange Server 2019 Cumulative Update 1 Exchange2019-KB4487563-x64-en.msp A0EC2DABFC2884587DDE477C1CCD22CA5DD69A97 4C4FDB3514E410121825F5A223286B675E8E133134481E656036591963413489

Exchange server file information

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.