CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.4%
Cumulative Update 18 for Microsoft Exchange Server 2016 was released on September 15, 2020. This cumulative update includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be included in later cumulative updates for Exchange Server 2016. This update also resolves a vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2020-16875.This update also includes new daylight saving time (DST) updates for Exchange Server 2016. For more information about DST, see Daylight Saving Time Help and Support Center.
The /PrepareDomain operation automatically runs in the Active Directory domain in which the**/PrepareAD command is run. However, it may be unable to update other domains in the forest. Therefore, a domain administrator should run the/PrepareDomain** in other domains in the forest.
* About the permission question:
As the /PrepareAD is triggered in Setup, if the user who initiates Setup isn’t a member of Schema Admins and Enterprise Admins, the readiness check will fail and you receive the following error messages.
To avoid the errors, either the user should join Schema Admins and Enterprise Admins groups or another user in Schema Admins and Enterprise Admins groups manually runs the /PrepareAD for this Cumulative Update first. Then the Exchange admin user can start Setup.
This cumulative update fixes the issues that are described in the following Microsoft Knowledge Base articles:
Download Cumulative Update 18 for Exchange Server 2016 (KB4571788) nowDownload Exchange Server 2016 CU18 UM Language Packs nowNotes
This cumulative update requires Microsoft .NET Framework 4.8. A component that’s used within Exchange Server requires a new Visual C++ component to be installed together with Exchange Server. This prerequisite can be downloaded at Visual C++ Redistributable Packages for Visual Studio 2013. For more information, see KB 4295081.For more information about the prerequisites to set up Exchange Server 2016, see Exchange 2016 prerequisites.
You may have to restart the computer after you apply this cumulative update package.
You don’t have to make any changes to the registry after you apply this cumulative update package.
After you install this cumulative update package, you can’t uninstall the package to revert to an earlier version of Exchange Server 2016. If you uninstall this cumulative update package, Exchange Server 2016 is removed from the server.
File name | SHA1 hash | SHA256 hash |
---|---|---|
ExchangeServer2016-x64-cu18.iso | 2AD6C38683824718751EAE97BCABF292D9638436 | A10EC45C74C2E65E76FE03C8AAD4960CBE331629ED4D6C9592E18183AF662EBC |
For more information about the deployment of Exchange Server 2016, see Release notes for Exchange 2016.
For more information about the coexistence of Exchange Server 2016 and earlier versions of Exchange Server in the same environment, see Exchange 2016 system requirements.
For more information about other Exchange updates, see Exchange Server Updates: Build numbers and release dates.
Learn about the terminology that Microsoft uses to describe software updates.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.4%