ADV180010

FAQ

Why is Microsoft issuing an update for Oracle Outside In libraries? Microsoft licenses a custom implementation of the Oracle Outside In libraries, specific to the product in which the third-party code is used. Microsoft is issuing this security update to help ensure that all customers using this third-party code in Microsoft Exchange are protected from vulnerabilities. For more information about these vulnerabilities, see the Oracle advisories referenced.

Are there any prerequisites before installing this new version of Microsoft Exchange Server? Yes, please install the following prerequisites before installing this new version of Microsoft Exchange Server.

VC++ 2013 runtime library All of the Exchange Server updates released with this version require the VC++ 2013 runtime library be installed on the server. The VC++ runtime library is now required to ensure we are able to provide current and future security updates for a third party component shipped with Exchange Server. The component provides WebReady Document Viewing in Exchange Server 2010 and 2013 and Data Loss Prevention in Exchange Server 2013 and 2016. Setup will enforce the installation of the pre-requisite on Exchange Server 2013 and 2016 when a cumulative update is applied. Exchange Server 2010 Update Rollup 22 and later will also enforce the installation of the VC++ runtime before the update can be applied. Future security updates for all versions of Exchange Server will also enforce installation of the runtime package. Customers who use Windows Update to patch or update their servers, will need to ensure that the VC++ runtime package is applied before running Windows Update. Update Rollup 22 and future security updates for all versions of Exchange server will fail to install manually or via Windows Update if the runtime library is not installed.

Where can I get more information?

• 4295081
• Exchange Blog