Issues that Exchange 2013 cumulative update 19 fixes

MAPI over HTTP can’t remove client sessions timely if using OAuth and the resource has a master account in Exchange Server 2013

  • Symptoms

When you use OAuth authentication and the resource that is accessed has a linked master account in Microsoft Exchange Server 2013, Messaging Application Programming Interface (MAPI) over HTTP protocol fails to tear down client sessions in a timely manner.

W3wp high CPU usage in Exchange Server 2013

  • Symptoms

In a Microsoft Exchange Server 2013 environment, Exchange servers may experience the high CPU usage issue and the IIS worker process (w3wp.exe) consumes lots of CPU utilization, which is the MSExchangeMapiMailboxAppPool application pool. As a result, either you cannot connect to the Exchange Server 2013 servers or the Outlook client freezes.

  • Cause

This issue occurs because MSExchangeMapiMailboxAppPool is waiting for a global lock inside of system timer queue.

Event ID 4999 or 1007 if diagnostics service crashes repeatedly in Exchange Server 2013

  • Symptoms

Microsoft Exchange diagnostics service crashes repeatedly in a Microsoft Exchange Server 2013 environment.

The Task Scheduler stores the old tasks’ GUID in memory, and the only way to clear them is to restart the service and clear the tasks manually.

  • Cause

This issue occurs because the failure counter that’s triggered by Task Scheduler exceeds the threshold, and can’t retrieve information from associated files.

Can’t access EWS from Outlook/OWA add-ins via makeEwsRequestAsync in Exchange Server 2016 and Exchange Server 2013

  • Symptoms

Assume that accessing external Exchange Web Services (EWS) URL is blocked from internal Exchange servers in a Microsoft Exchange Server 2016 or Exchange Server 2013 environment. In this situation, the client applications that are posting ExecuteEwsProxy calls will be failed to connect, such as Salesforce add-in for Outlook and Outlook Web App (OWA).

  • Cause

This issue occurs because the ExecuteEwsProxy function is only using external EWS URL. This causes the makeEwsRequestAsync method fail to call EWS.

Description of the security update for Microsoft Exchange: December 12, 2017

This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is running Exchange Server

https://support.microsoft.com/en-us/help/4045655/description-of-the-security-update-for-microsoft-exchange-december-12

Download & Install Exchange 2013 CU 19