
An Exchange Server related security bulletin was released yesterday. Here are some details; please go and get the patches that apply to your Exchange version!

Issued: May 08, 2007

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately

Security Update Replacement: This bulletin replaces two prior security updates. See the Frequently Asked Questions (FAQ) section of the bulletin for details.

Affected Software:

  • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
  • Microsoft Exchange Server 2003 Service Pack 1
  • Microsoft Exchange Server 2003 Service Pack 2
  • Microsoft Exchange Server 2007

Please see the MS07-026 bulletin (http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx) for more information and links to get the updates!

Additionally, you can read about all patches released yesterday on the Microsoft Security Response Center (MSRC) blog (http://blogs.technet.com/msrc/archive/2007/05/08/may-2007-monthly-bulletin-release.aspx).

EDIT: One additional note about the fixes for Exchange 2000 and 2003. Please be aware that those fixes include the "Send As" behavior change discussed in KB article 912918 (http://support.microsoft.com/kb/912918). Functionality of your third-party applications might be affected, so please make sure to read that article before you deploy!

- Nino Bilic
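
Before and after deploying the update, it helps to record which Exchange binaries are on the box and whether KB931832 is registered. The script below is an added example, not part of this post and not Microsoft's tooling. It reads the file versions of store.exe and exosal.dll (the two files the comments below turn out to care about) and looks for the KB in the registry and in the Windows QFE inventory. The install path, the registry location under HKLM\SOFTWARE\Microsoft\Updates, and the optional minimum store.exe version are assumptions you should replace with the values from the bulletin for your Exchange version.

```powershell
# Added example (not from the original post or from Microsoft): inventory the
# Exchange binaries named in this thread and check whether KB931832 is present.
# Assumptions: default Exchsrvr\bin path; hotfix registration under
# HKLM\SOFTWARE\Microsoft\Updates\<product>\<SP>\<KB>; the minimum store.exe
# version is whatever the MS07-026 bulletin lists for your build (not asserted here).
param(
    [string]$ExchangeBin = 'C:\Program Files\Exchsrvr\bin',   # assumed path
    [string]$KB = 'KB931832',
    [string]$MinimumStoreVersion = $null                      # e.g. from the bulletin's file table
)

function Get-ExchangeFileVersion {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    return [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path).FileVersion
}

# store.exe carries the Exchange build; exosal.dll is the file whose replacement
# is discussed in the comments (shared between KB916783 and KB931832).
$report = @{}
foreach ($name in 'store.exe', 'exosal.dll') {
    $path = Join-Path $ExchangeBin $name
    $ver  = Get-ExchangeFileVersion $path
    $report[$name] = $ver
    if ($ver) { "{0,-11} {1}" -f $name, $ver }
    else      { "{0,-11} not found at {1}" -f $name, $path }
}

# Optional version gate: compare store.exe against the bulletin's minimum.
if ($MinimumStoreVersion -and $report['store.exe']) {
    $have = [version]$report['store.exe']
    $need = [version]$MinimumStoreVersion
    if ($have -ge $need) { "store.exe $have meets minimum $need" }
    else                 { "store.exe $have is BELOW minimum $need - update required" }
}

# Registry registration (assumed layout used by Exchange 2003-era hotfixes).
$regHits = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Updates' -Recurse -ErrorAction SilentlyContinue |
           Where-Object { $_.PSChildName -eq $KB }
if ($regHits) { $regHits | ForEach-Object { "$KB registered at $($_.Name)" } }
else          { "$KB not found under HKLM\SOFTWARE\Microsoft\Updates" }

# Windows QFE inventory (catches installs pushed through WSUS/Microsoft Update).
$qfe = Get-WmiObject Win32_QuickFixEngineering | Where-Object { $_.HotFixID -eq $KB }
if ($qfe) { "$KB present in Win32_QuickFixEngineering (installed $($qfe.InstalledOn))" }
else      { "$KB not present in Win32_QuickFixEngineering" }
```

Run it once before patching to capture the pre-update exosal.dll version (useful if, as in the comments below, you later need to know which build of that file you are running) and again afterwards to confirm the KB registered and the store.exe build moved.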

53 Comments
Not applicable
931832 includes exosal.dll, which is one file also in KB 916783 (disabled user account and 9548 errors in the event log). Should 931832 change the Exchange server to behave as if 916783 is installed, even if it is not? (i.e. is the optional 916783 now no longer optional because it is in 931832?)

We did have 916783 installed but later decided we wanted it removed, and I have been able to get the desired behaviour by eventually returning exosal.dll to the original Exchange version! (Uninstalls didn't do this!) But 931832 puts in a version of exosal.dll greater than 916783, and we again have the problem of mail delivering to disabled accounts.
Not applicable
I think I have answered my own query. I had a front-end server that never had 916783, and the 931832 hotfix definitely does change the behaviour for disabled accounts. This is a real pain for us as we have a custom-developed identity management system that automatically disables accounts. Now we have to develop a new process to stop email delivery. It is annoying that this embedded functionality change in the security hotfix wasn't better advertised, just like the "Send As" change was alerted to.
Not applicable
Soon after we installed the 931832 patch, we also experienced mail flow issues where messages would not be delivered and were being held in the local delivery queue. Installing patch 934450 did resolve this problem; however, we now have a different mail flow issue whereby emails are intermittently being delivered to the journal mailbox and not to the intended recipient. When this happens we have 2 entries from the SMTP store driver delivering to our journal mailbox when viewing the message in Message Tracking Center. We'd expect to see only 1 entry for the journal mailbox and 1 entry for the recipient mailbox from the SMTP store driver.
Has anyone experienced the same problem with patch 934450?

Our store.exe version is currently 6.5.7653.2. Is there a patch / hotfix which supersedes 934450?