Jump to content


  • entries
  • comments
  • views

February 2019 Quarterly Exchange Updates




Today Exchange Team announce the  quarterly servicing updates, cumulative and update rollups, for all supported versions of Exchange Server. There are some important changes.

What changes in Exchange Web Services Push Notifications

The update to EWS Push Notifications is considered a critical security update and customers should deploy the update as soon as they understand and accept any potential impact. The change in Push Notification authentication is a permanent change to the product and necessary to protect the security of an Exchange Server.

As outlined in KB4490060 the fundamental change is the authentication between  EWS clients and Exchange server. This only affects Push notificationsan and leaves Pull and Streaming Notifications unaffected and its applicable to all EWS clients.

Also a computer reset of Exchange server credentials is required in Active Directory as a best practice.

Decreasing Exchange Rights in the Active Directory

The Team has also made a change in the Active Directory rights granted to Exchange Servers  reducing the items that exchange is able to write security descriptors as outlined in  KB4490059.

Removing Legacy Auth protocols from Exchange Servers

In Exchange Server 2019 Cumulative Update 1, there is a new cmdlet that restrict legacy authentication protocols on a per protocol and user by user basis. This change came from Office365 which already has the same  functionality implemented.


The KB articles are the following:

  • Exchange Server 2019 Cumulative Update 1 (KB4471391)
  • Exchange Server 2016 Cumulative Update 12 (KB4471392)
  • Exchange Server 2013 Cumulative Update 22 (KB4345836)
  • Exchange Server 2010 Service Pack 3 Update Rollup 26 (KB4487052)

Happy Patching!!!!






Recommended Comments

There are no comments to display.

Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...