Yesterday, Microsoft released an updated version of its latest Cumulative Update for Exchange 2013; CU2. This decision follows the discovery of quite an important bug in the original release.
The problem was that when Public Folder Mailboxes were moved between databases, the public folder permissions would get lost. Obviously, this not only represents quite a bug, it’s also a risk for data loss/leakage.
Despite earlier statements they would release an interim update, the Product Team decided to incorporate the fix in a new build of CU2.
As a result, this “version 2” will require you to do a full upgrade just like any other Cumulative Update. See the section below for some more information.
Click here for the original announcement by the Product Team.
Do you have to upgrade?
Yes. Even if you’re not impacted, you’re required to upgrade (at some point). If Microsoft releases security update for Exchange 2013 in the future, these security update will require the new CU2 (v2) to be installed, as Ross described in the original post:
“Important: Regardless of whether you are using modern public folders, we strongly recommend upgrading to this build of Exchange 2013 RTM CU2. Any security updates released for CU2 will be dependent on this build.”
Honestly, I would wait a few more days before deploying this re-released CU. Just to see what feedback comes from the first deployments. I don’t expect any major issues, but you never know…
How to Upgrade?
To install the new CU, run the following command from either a command prompt or PowerShell. Make sure to browse to the location of the binaries first:
Setup.exe /mode:upgrade /IAcceptExchangeServerLicenseTerms
The new build number of this ‘new’ version of CU2 would be 712.24 instead of 712.22 (CU2 v1)3
I think it was only a few weeks ago that Hyper-V MVP Aidan Finn blogged about how Microsoft had a serious quality problem after having released a few buggy Windows Server patches. No matter how hard I would like to state otherwise, I cannot but join him (and many others) in expressing my concerns about the lack of quality (testing?) of recent (and some not so recent) updates.
It’s not the first time something like this has happened with Exchange. I clearly remember Update Rollups for Exchange 2010 to be re-released; sometimes even multiple times like UR4 which had to be re-released twice!. I am well aware that Microsoft does conduct a number of tests before releasing update, but I also have no doubt their testing is primarily focused on scenarios related to Office 365. Might it be that certain typical on-prem scenarios are either disregarded or (much) lower on the priority list, it definitely looks like it!
I fully understand the priority is with Office 365 and in some way that’s a good thing; making sure that ‘the service’ remains fully operational should be Microsoft’s primary concern, especially given its size and popularity. However, Microsoft shouldn’t forget they have a huge customer base that have Exchange running on-premises… And they do expect – and deserve! – the same quality.
On a side note: the overall (world-wide) impact of this “bad” update might be rather limited, yet significant enough. Although no official numbers have been released, I suspect that the amount of Exchange 2013 deployments might not be that high at the moment. I have no doubt that number will grow over the following few months, but Microsoft needs to do something about the overall quality of their updates, not only for us, but for themselves as well.