Microsoft Exchange Server Cumulative Updates will Shift to a Biannual Release Cycle

Datacenter networking servers

Microsoft has announced that the Exchange Server cumulative updates (CUs) are switching to a biannual release schedule. The company currently releases CUs quarterly, but this slow release cycle will allow organizations to keep their Exchange servers up-to-date more easily.

“We are moving to a release cadence of two CUs per year – releasing in H1 and H2 of each calendar year, with general target release dates of March and September. But our release dates are driven by quality, so we might release updates in April or October, or some other month, depending on what we’re delivering,” the Exchange Server team explained. “The next CU will be released in H2 of 2022, and it will be for Exchange Server 2019 only.”

Microsoft releases new CUs for Exchange Server 2019

In addition to the new release cycle, Microsoft has announced the release of CU12 for Exchange Server 2019. The latest cumulative update brings Windows Server 2022 support and lets IT admins use multifactor authentication (MFA) with the “Hybrid Management PowerShell module.” Moreover, Microsoft has updated its licensing requirements to include a “product key for Exchange 2019 hybrid servers” at no additional cost.

Previously, Exchange Online customers who also use Active Directory (AD) for identity management were required to install an Exchange Server to manage recipients. However, the company has now dropped this requirement for hybrid cloud Exchange users.

Specifically, the CU12 introduces a new Exchange Management Tools role that eliminates the need to run the Exchange server for management purposes. This change should help IT Admins protect their organizations from cyberattacks targeting Exchange Online users.

Microsoft has also released CU 23 for Exchange Server 2016 with daylight saving time (DST) updates and several nonsecurity fixes. “To prevent misuse of UNC paths by attackers, parameters that take UNC paths as inputs will no longer be usable in Exchange Server PowerShell cmdlets or the Exchange Admin Center,” Microsoft noted.

Lastly, Microsoft has announced a new bug bounty program for Exchange Server. This means that researchers will now get rewards for discovering security vulnerabilities in all supported version of Exchange Server. We invite you to check out the official website for more details.