An Exchange Server related security bulletin was released today. Here are some details; please go and get the patches that apply to your Exchange version!

Issued: April 12, 2005

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Affected Software:

    • Microsoft Exchange 2000 Server Service Pack 3
    • Microsoft Exchange Server 2003
    • Microsoft Exchange Server 2003 Service Pack 1
Non-Affected Software:

    • Microsoft Exchange Server 5.5 Service Pack 4
    • Microsoft Exchange Server 5.0 Service Pack 2
Please go here for more information and links to get the updates!

- Nino Bilic

1 Comment
Not applicable
There appears to be an error in KB894549. The Exchange 2000 SP3 update instructions link to Exchange 2000 Post-SP3 Rollup Patch 6487.1 as a pre-req. Actually, the critical update in KB894549 won't install unless you have Exchange 2000 Post-SP3 Rollup Patch 6603.1 (KB870540).