We were all geared up for the release of Exchange 2013 CU7, Exchange 2010 SP3 RU8, and Exchange 2007 SP3 RU15 today when Microsoft made a last-minute decision to defer the updates.
As explained on the EHLO blog, a problem was detected in the Exchange 2013 installer package that could have resulted in some files used by OWA being overwritten by a security update, assumingly the November security bulletin released today. Microsoft have a workaround but deemed it to be unacceptable – and I agree. It is asking for trouble to require customers to “repair” Exchange before applying a security update, even if it ensures that the right files are in place after the update.
The problem was found in Exchange 2013 but might have affected Exchange 2010 and Exchange 2007 so the product group took the sensible decision to hold those updates until they had a chance to validate them against security updates.
The delayed updates will now appear in December and will still be within the quarterly window for the release cadence used by Exchange 2013. If CU7 had appeared today, it would have been eleven weeks since the release of Exchange 2013 CU6 (August 26) and that’s a pretty rapid cadence to ask on-premises customers to maintain.
Getting an extra four weeks (or whatever the final ship date is) will be welcomed by customers unless they are in the position of needing one of the improvements like better public folder scalability and co-existence with legacy public folders or the change to make OAB generation work better across multiple sites. Alternatively, you might have been waiting for one of the bug fixes included in CU7, such as the one to close the loophole in Outlook Web App that allows users to bypass litigation holds. That fix is already proven within Office 365 and is scheduled to be in CU7.
No one likes to hold up software if it is ready. But everyone will agree that it’s a good and mature decision to halt if known problems exist. I think Microsoft made the right call here.
Follow Tony @12Knocksinna
