KB5036386:Description of Security Update 12 for Exchange Server 2016

Description of Security Update 12 for Exchange Server 2016: March 12, 2024 (KB5036386)

This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE) and security advisory:

• CVE-2024-26198 - Microsoft Exchange Server Remote Code Execution Vulnerability
• Security Advisory ADV24199947 - Microsoft announces the deprecation of Oracle's libraries in Exchange Server

Issues that are fixed in this security update

• EWS search request displays inaccurate results

Known issues in this security update

• After you install this security update (SU), the program no longer supports the Oracle Outside In Technology (OIT) or OutsideInModule. OIT performs text extraction operations when you process email messages that have attachments. For more information, see The OutsideInModule module is disabled after installing the March 2024 SU.
• After you install this SU, Download Domains are no longer working as expected. For more information, see Download domains not working after installing the March 2024 SU.
• After you install this SU, OwaDeepTestProbe and EacBackEndLogonProbe are no longer working. For more information, see OwaDeepTestProbe and EacBackEndLogonProbe fail after installing March 2024 SU.
• After you install this SU, you receive a "We're having trouble fetching results from the server" error message when you run a search in Microsoft Outlook cached mode. For more information, see Search error in Outlook cached mode after installing March 2024 SU.
• After you install this SU, you can't preview Microsoft Word documents in Outlook on the web (OWA), and you receive an error message. For more information, see "We can't open this document" error in OWA after installing March 2024 SU.