Navigating Exchange Server 2013 Cumulative Updates (CUs) & Security Updates (SUs): A Comprehensive Guide

Navigating Exchange Server 2013 Cumulative Updates (CUs) & Security Updates (SUs): A Comprehensive Guide

Microsoft Exchange Server 2013, though an older version, may still be operational in some environments as it approaches its end of extended support (which occurred on April 11, 2023). For any organization still running Exchange 2013, understanding its update history, particularly the final Cumulative Update (CU) and subsequent Security Updates (SUs), is absolutely critical. Operating Exchange 2013 post-end-of-support without the final patches carries extreme security risks. This guide aims to provide a clear overview of the update landscape for Exchange Server 2013, focusing on its final CU (CU23) and the SUs that were released for it. We will list build numbers, release dates, and links to official Microsoft resources. The primary message for any entity still on Exchange 2013 is the urgent need to migrate to a supported platform like Exchange Server Subscription Edition or Exchange Online. However, if you are in the process of decommissioning or in a rare, isolated scenario, ensuring it has the very last available patches is a minimal security measure. MedhaCloud offers expert guidance on migrating from legacy Exchange versions and securing your email infrastructure.

Understanding Updates for Exchange Server 2013

The update model for Exchange Server 2013 was based on Cumulative Updates (CUs) and Security Updates (SUs).

Cumulative Updates (CUs): For Exchange 2013, CUs were full installations of the server software. Each CU included all previously released CUs and SUs. This meant you could directly install the latest available CU without needing to install intermediate ones. CUs were released periodically during Exchange 2013’s mainstream support phase, bringing bug fixes, feature improvements, and security patches. The final CU released for Exchange Server 2013 was CU23.

Security Updates (SUs): SUs were targeted patches to address specific security vulnerabilities. These were critical for maintaining server security. SUs for Exchange 2013 were CU-specific, meaning an SU released for CU23 could only be applied to servers already running CU23. After Exchange 2013 entered extended support (April 2018), SUs became the primary type of update released, continuing until the end of extended support in April 2023.

End of Support (April 11, 2023): It is crucial to emphasize that Exchange Server 2013 reached its end of extended support on April 11, 2023. This means Microsoft no longer provides any new security updates, non-security updates, assisted support options, or online technical content updates for this version. Running Exchange 2013 after this date, even if patched to the very last SU, exposes your organization to unpatched vulnerabilities discovered post-April 2023.

Final Recommended Updates for Exchange Server 2013

For any Exchange Server 2013 instance, the absolute minimum state it should have been in before the April 2023 end-of-support was Exchange Server 2013 Cumulative Update 23 (CU23), followed by all SUs released for CU23 up to that date.

The final major Cumulative Update was Exchange Server 2013 CU23, released on June 20, 2019 (KB4489622).

After CU23, several Security Updates were released. The very last SUs would have been those released around or just before the April 2023 end-of-support deadline. For example, Exchange Server 2013 CU23 Mar23SU (KB5024296) released on March 14, 2023, was one of the final security updates.

Key Recommendations for any remaining Exchange 2013 instances:

1. Confirm CU23 Installation: The server must be on CU23.
2. Apply All SUs for CU23 up to April 2023: Ensure every SU released for CU23 before the end-of-support date was applied.
3. Prioritize Immediate Migration: This cannot be stressed enough. Your organization should have already migrated off Exchange 2013. If not, this must be your highest IT priority. Continued operation is a significant security risk.

To find information on Exchange Server 2013 CU23, you would refer to its KB article KB4489622 (original download link was https://www.microsoft.com/download/details.aspx?id=58392, now retired). For the final SUs like KB5024296, refer to their respective KB articles, e.g., KB5024296.

If you are unexpectedly still dealing with an Exchange 2013 server, contact MedhaCloud immediately for emergency migration and security consultation.

Comprehensive List of Exchange Server 2013 Cumulative Updates (CUs)

Cumulative Updates (CUs) for Exchange Server 2013 were full installations, with CU23 being the final one. Below is a list of key CUs, their release dates, build numbers, and links to KB articles or download pages (most of which are now retired by Microsoft but KB articles remain for reference).

(Note: Exchange 2013 is past its end-of-life. This information is for historical reference and for systems in the process of immediate decommissioning. Always refer to official Microsoft KB articles for details.)

Comprehensive List of Exchange Server 2013 Security Updates (SUs) for CU23

After CU23, Microsoft released several Security Updates (SUs) until the end of support in April 2023. Applying all of these to a CU23 installation was critical. Below are some of the key SUs for CU23. For a definitive list, the Microsoft Security Update Guide (filtered for Exchange 2013 for the relevant period) was the primary source.

The imperative for any remaining Exchange 2013 server is immediate migration. These SUs were the final line of defense before support ended. MedhaCloud can assist with urgent migration planning and execution from Exchange 2013.

How to Check Your Current Exchange 2013 Build Number

If you are assessing an Exchange Server 2013 environment, you need to determine its build number to understand its patch level. Use the Exchange Management Shell (EMS):

1. For a summary including AdminDisplayVersion:

   powershell Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion, ServerRole

   AdminDisplayVersion will show Version 15.0 (Build xxxx.x).

2. For the precise file version of ExSetup.exe:

   powershell Get-Command ExSetup.exe | ForEach-Object {$_.FileVersionInfo}

   The ProductVersion or FileVersion (e.g., 15.00.1497.002 for CU23 RTM) is the most accurate. SUs would increment the last part of this build number.

This information is critical for understanding the historical state of the server, but the action remains the same: migrate immediately.

Important Considerations Before Updating Exchange Server 2013 (Historical Context)

While Exchange Server 2013 reached its end of support on April 11, 2023, understanding the considerations for updating it (specifically to CU23 and its final SUs) is important for historical context or if dealing with a server in an immediate decommissioning phase. The primary directive for any Exchange 2013 server is immediate migration.

1. End of Support is Final: No new updates of any kind have been released since April 2023. Any vulnerabilities discovered after this date remain unpatched.
2. Must Be on CU23: Before its EOL, the baseline for applying the final SUs was Exchange Server 2013 CU23.
3. Read Final SU Release Notes: The KB articles for SUs released up to March/April 2023 contained critical information. These were the last line of defense.
4. Backups Were Essential: Even for applying final patches, full backups (AD, Exchange servers, customizations) were crucial.
5. AD Prerequisites for CU23: If upgrading from a much older CU to CU23, AD schema updates (PrepareSchema, PrepareAD, PrepareDomain) might have been necessary. CU23 itself had specific .NET Framework requirements (typically .NET 4.7.1 or 4.7.2, but always verify with CU23 release notes as this could vary slightly from later Exchange versions). AD health was paramount.
6. .NET Framework: Ensure the correct .NET version compatible with CU23 was installed. SUs inherited these requirements.
7. Downtime Planning: Upgrading to CU23 required a significant maintenance window. Final SUs also required reboots.
8. Update Order in DAGs: Standard DAG update procedures applied: maintenance mode, update Mailbox servers, then Edge Transport servers.
9. Run as Administrator: All updates required elevated privileges.
10. Third-Party Software: Compatibility with CU23 and its SUs for any third-party tools was a concern, as vendors likely also ceased support for integrations with an EOL product.

These considerations are now largely academic, as the only secure action for Exchange 2013 is to have it decommissioned and migrated. If you find an Exchange 2013 server still in operation, it represents a significant security liability. MedhaCloud can assist with emergency assessment and migration from unsupported Exchange versions.

General Installation Guidance for Exchange Server 2013 Updates (Historical Context)

This guidance is for historical reference, outlining the general process for applying CU23 and its final SUs to Exchange Server 2013 before its April 2023 end-of-life.

For Upgrading to Cumulative Update 23 (CU23) (Pre-EOL):

1. Preparation: All steps from “Important Considerations” (backups, AD health, .NET Framework, etc.).
2. Download CU23: The ISO for Exchange 2013 CU23 (KB4489622) was available from Microsoft Download Center (now retired).
3. Mount ISO & AD Prep: Mount the ISO. If upgrading from a very old version, run Setup.exe /PrepareSchema, then /PrepareAD, then /PrepareDomain as required by CU23 or intermediate CUs, waiting for replication.
4. Server Maintenance (DAGs): Place DAG members in maintenance mode.
5. Run Setup: From an elevated command prompt, run Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms.
6. Follow Wizard & Reboot: Complete the setup and reboot.
7. Post-Installation Checks: Verify event logs, services, mail flow, and build number.
8. Exit Maintenance Mode.

For Final Security Updates (SUs) on CU23 (Pre-EOL):

1. Preparation: Read SU KB, perform backups.
2. Download SU: Obtain the .msp file from Microsoft Update Catalog or KB link.
3. Run as Administrator: Install the .msp file with elevated privileges.
4. Reboot: A reboot was typically required.
5. Post-Installation Checks: Verify logs, services, and build number.

Official Microsoft Resources (Historical):

• Exchange Server Build Numbers and Release Dates page (for historical build numbers).
• KB articles for CU23 (KB4489622) and the final SUs (e.g., KB5024296).

Any remaining Exchange 2013 server should be considered a high-priority migration candidate, not a candidate for further updates as none exist.

Troubleshooting Common Exchange 2013 Update Issues (Historical Context)

Troubleshooting Exchange 2013 updates before its EOL involved similar steps to other Exchange versions, but with the added complexity of an aging platform.

1. CU23 Upgrade Failures:
   • Readiness Checks: Often due to incorrect .NET Framework, pending reboots, AD prep issues, or permissions.
   • Setup Logs: C:\ExchangeSetupLogs\ExchangeSetup.log was key.
2. SU Installation Problems on CU23:
   • MSP Errors: Running without admin rights, incomplete previous updates, or antivirus.
   • OWA/ECP Issues: UpdateCas.ps1, UpdateConfigFiles.ps1, and iisreset were common attempts. Checking SU KB for known issues was vital.
3. Service Failures & DAG Issues: Similar to other versions, event logs and ensuring uniform patch levels in DAGs were important.

The only effective troubleshooting for Exchange 2013 now is to plan and execute its immediate decommissioning and migration.

Conclusion: The Final Chapter for Exchange Server 2013 – Migrate Now!

Exchange Server 2013 officially reached its end of extended support on April 11, 2023. This guide has provided a historical overview of its final updates, including CU23 and the subsequent Security Updates. While this information might be useful for understanding the state of any lingering Exchange 2013 servers, the message is unequivocal: if you are still running Exchange Server 2013, you are operating an unsupported and insecure platform.

No further security patches or technical support are available from Microsoft. Each day an Exchange 2013 server remains online, the risk of compromise from unpatched vulnerabilities increases. The focus must be entirely on immediate migration to a supported solution, such as Exchange Server Subscription Edition or, ideally, Exchange Online (Microsoft 365) for enhanced security, features, and support.

MedhaCloud understands the challenges of migrating from legacy systems. We offer comprehensive migration services to help you transition smoothly and securely from Exchange Server 2013 to a modern, supported platform. Don’t delay—the risks are too high. Contact MedhaCloud today for an urgent consultation on migrating your Exchange 2013 environment.

This article serves as a final reference for Exchange 2013 updates. The next step for any administrator encountering this version is not to patch, but to replace.

Further Reading in this Series:

• Still managing Exchange 2016?
• Need info on the even older Exchange 2010?
• Looking for current on-premises solutions?