Exchange Server 2013: Issue with Security Update KB4536988

[German]When you install security update KB4536988 (Feb. 2020) to close the vulnerability CVE-2020-0688, Exchange Server 2013 may experience an issue that was described a year ago in Exchange Server 2016.


Security Update KB4536988 (Feb. 2020)

On February 11, 2020, Microsoft released security update KB4536988 for Microsoft Exchange Server 2013. This is an update rollup that is intended to fix the following vulnerabilities in Microsoft Exchange.

This update also fixes the following issue: 4540267 Crash of MSExchangeDelivery.exe or EdgeTransport.exe in Exchange Server 2013 and Exchange Server 2010 This security update should be installed in a timely manner because there are attacks against unpatched Exchange Servers (see links at the end of this article).

Issues with Update Installation

However, the update is not without its challenges for Exchange administrators. In the blog post Exchange Server 2013 Mail issues after Feb. 2020 Update I had already reported about issues a reader got after installing the update. Doesn't seem to be an isolated case.

In addition, KB4536988 already lists some known issues. Double-clicking in 'normal mode' will not install all files. The administrator must start the update by clicking Run as administrator to run it.

Another issues with this update

At the weekend I came across the tweet of blog reader Karl, which points out another problem.


Attempting to install security update KB4536988 to close the CVE-2020-0688 vulnerability on an Exchange Server 2013 CU23 with .NET Framework 4.8 may result in a server failure in applications such as OWA or ECP. There an error message of type:

The file or assembly "Microsoft.Exchange.Common, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35″ or a dependency on it was not found. The system cannot find the specified file" and OWA "

:-( Something didn't work out.
Your request could not be completed. HTTP status code: 500.

Frank Zöchling has published a year ago a German blog post Exchange 2016: Serverfehler in Anwendung (OWA und/oder ECP). It describes exactly this error with Microsoft Exchange Server 2016 including a workaround. On Twitter I saw that a concerned person writes that the workaround of Frank helps.

Similar articles:
Attack to unpatched Exchange Servers (CVE-2020-0688)
Security information for Linux and Exchange
Exchange Server 2013 Mail issues after Feb. 2020 Update

Cookies helps to fund this blog: Cookie settings

This entry was posted in issue, Office, Security, Software, Update and tagged , , , . Bookmark the permalink.

2 Responses to Exchange Server 2013: Issue with Security Update KB4536988

  1. Ray says:

    The solution to the issues with this update is to first install all the other hotfixes that are in the list. I had several .NET Framework updates at the same time as this hotfix was installing. After two weeks of research, reading this page and testing my solution works (hotfix is installed succesfully and the services where put on Automatic after the installation.

  2. Satyam says:

    Hi Ray,

    Could you please the things you have done fix the ecp/owa issue? I am facing the same and still trying to find the solution.

Leave a Reply

Your email address will not be published. Required fields are marked *