Microsoft has released Hotfix Updates (HUs) that enables support for new functionality and address issues in earlier updates.
- Exchange Server 2019
- Exchange Server 2016
HUs are available for the following specific versions of Exchange Server:
The April 2025 HUs do not contain any new Exchange Server security updates.
Key Updates and Changes
Microsoft has released hotfix updates that address issues from previous versions and introduce new functionality for Exchange Server customers. The most significant change is the introduction of a dedicated Exchange hybrid application in Microsoft Entra ID, which aims to strengthen security by separating the identities of Exchange Online and Exchange Server.
This update represents part of Microsoft’s transition from the legacy Exchange Web Services (EWS) API to the more secure Graph API with granular permissions. The Exchange team has emphasized that hybrid customers requiring rich coexistence features must take action between the April 2025 HU release and October 2025 to avoid functionality breakage.
Critical Deadlines and Requirements
- October 2025: Deadline to update to the dedicated Exchange hybrid app
- October 2026: Deadline to update to the Graph permission model
If organizations fail to meet these deadlines, they risk losing key hybrid functionality including Free/Busy sharing, MailTips, and profile picture sharing between on-premises and Exchange Online users.
Known issues with this update
- Edge Transport service (EdgeTransport.exe) stops responding and then restarts when Exchanger Server attempts to decrypt the messages, sent from an external source protected by Azure Rights Management (Azure RMS).
Update installation
The following update paths are available:
- Inventory your Exchange Servers to determine which updates are needed using the Exchange Server Health Checker script. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs, SUs, or manual actions).
- Install the latest CU. Use the Exchange Update Wizard to choose your current CU and your target CU to get directions.
- Re-run the Health Checker after you install an update to see if any further actions are needed.
- If you encounter errors during or after installation of Exchange Server, run the SetupAssist script. If something does not work properly after updates, see Repair failed installations of Exchange Cumulative and Security updates. Also please see File version error when you try to install Exchange Server updates.
Resources:
Official announcement:
https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471
Hotfix update for Exchange Server 2019 CU15: April 18, 2025 (KB5050672):
https://support.microsoft.com/en-us/topic/hotfix-update-for-exchange-server-2019-cu15-april-18-2025-kb5050672-b46af510-ede4-4eab-b2ba-940d2f00e04d
Hotfix update for Exchange Server 2016 CU23: April 18, 2025 (KB5050674):
https://support.microsoft.com/en-us/topic/hotfix-update-for-exchange-server-2016-cu23-april-18-2025-kb5050674-48437cec-7400-46c0-9402-c9afe7fc0f08
Strengthen Your Server Security with Messageware
Data breaches have increased by 72%, servers are compromised in under 90 minutes. Ensure you have multiple layers of security software protecting your Windows Servers.
Messageware offers powerful security solutions, including:
Z-Day Guard for All Windows Servers: Next-gen server protection, providing detection, alerting, and response (MDR) to zero-day and server penetration cyber-attacks. Leverages embedded monitoring technology that cannot be turned off by malicious software. No need to research complicated deployments and no learning curve to install and manage.
EPG Guard for Exchange Servers: Real-time security stops AD account lockouts, eliminates brute force password attacks, provides intelligent GEO blocking, and prevents Exchange Server vulnerability probing. Enhance security through real-time collection and analysis of logon information, with advanced reporting, threat detection, and security controls.
Don’t leave your critical infrastructure vulnerable, be proactive and stay ahead of evolving threats.