Microsoft Security Bulletin MS10-024 released

So is this basically only relevant to the Hub and Edge Transport roles?

We found that the windows update version of update rollup 4 was offered to our CCR clusters - traditionally this is not the case - update rollups need installing seperate from windows update to CCR nodes.

Is this a policy change with this update or is there something not right with our setup? I guess there is a first time for everything!

Warren

Have I install earlier rollups before install this one?

What about Forefront in the process of updating the servers?

The Bullitin says the following for Ex2007 and 2010:

I am running Exchange 2007 or Exchange 2010. Why am I being offered an update if they are not affected by the vulnerabilities described in this bulletin?

The updates for Microsoft Exchange 2007 and Microsoft Exchange 2010 only include the defense-in-depth change that adds additional source port entropy to DNS transactions initiated by the SMTP service.

What the heck does this mean?

Can you explain how this work for Exchange 2003, does one need the Exchange 2003 patch (976702) AND the Windows SMTP patch (976323) since Ex2003 uses Windows 2003's SMTP?

There is a bug in the RU for Exchange 2007 (since SP2 RU1). After the installation customers with german language will not be able to open the toolbox because of a translation of some regkeys that should not be translated.

Here you can find a REG-file that will fix this little bug: http://tinyurl.com/y6lpa5b (in german only).

From FAQ:
Do I need to apply updates for both Windows and Exchange?
For systems that have Microsoft Exchange installed, both the Exchange and Windows update should be applied. If you have the SMTP service enabled but do not run the Exchange service, only the Windows update need be applied.

If you are running Exchange 2003 or Exchange 2000, you need both the Exchange and Windows patches since they are both rated as important.

If you are running SMTP service on a Windows only system, you need the Windows update since it is rated as important as well.

If you are running Exchange 2007 or Exchange 2010, then applying the update is recommended even though it is not rated since it includes a defense-in-depth change. If you are applying the update rollup, you should apply it to all roles.

WARNING: We have had this update reset all our SMTP settings (including relay settings) on two different servers.  Both were Windows Server 2008.

We applied rollup3 to all of our exchange 2010 servers, on our CAS server it crashes our OWA site!  We have to uninstall the rollup to get it working again.  Still looking for a fix!!!

Dan - if you are seeing issues, please head over to our Exchange Updates Forum and post there; blog post comments are a pretty poor vehicle for issue troubleshooting.

http://social.technet.microsoft.com/Forums/en-US/exchangesoftwareupdate/threads

seems like this rollup will cause issues like rollup 9 did

Yes, this update can reset SMTP settings. one of my servers has been the problem and now I've read this: http://kbase.gfi.com/showarticle.asp?id=KBID003836

For folks with Cluster installs using Exchange 2007 SP2 or Exchange 2010, the rollup will be offered as a silent install via Microsoft Update and WSUS. Having your machine configured for Auto Update may have an impact as the Rollup will be installed on the node that is offered regardless of state of that node. Services will be restarted for that node and if Active - failover will happen.

RobertW - We are aware of the issue and hope to address it in a future rollup.

Not only did this update wipe out SMTP relay for me, it appears to be causing timeouts. Hotmail.com, works fine, gmail.com (as well as postini), chase.com, and other mail servers drop the connection after it gets to code 354, dropping with with a 451 or 421 code.

Hello

I would like to confirm the problems reported by Richard Vetter above.
I use Exchange2003 SP2 and after this install I started to get problems with sending emails. A lot of my users get
Subject: Delivery Status Notification (Failure)
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

There is definitely a problem with this. For instance for me hotmail.com does not work fine and I get this and no other changes happened on my system aside from this update. And I used to be able to email hotmail just fine a day before the update.

There was a SMTP communication problem with the recipient's email
server.  Please contact your system administrator.
   <mail.eved.com #5.5.0 smtp;550 OU-001 Mail rejected by Windows Live
Hotmail for policy reasons. Reasons for rejection may be related to
content with spam-like characteristics or IP/domain reputation problems.
If you are not an email/network admin please contact your
E-mail/Internet Service Provider for help. Email/network admins, please
visit http://postmaster.live.com for email delivery information and
support>

Arturo & Richard - We can confirm that there is an issue with the Windows 2008 and Windows 2008 R2 package where the existing configuration including pre-existing relay settings may be lost.  To the best of our knowledge this does not affect any version of Exchange server.  At this time, we are working to list the problem in the Known Issues section of the security bulletin and we are planning to release an update.

For anyone whose issues are not already discussed (including Remus), would you be willing to open a support ticket with Microsoft?  Please feel free to reach out to me via email for proper follow up.  First.Last@_

Guys a small update on my issue. It was caused by our mail server being included on a spamhouse antispam list. This was blocking the mails on other receiving mail servers.
It just happened in the same time with these updates that's why was so hard to pinpoint.

thanks

Does SP2 rollout 4 include the DoS patch?

Yes, SP2 RU4 contains the defense in depth code change for this issue.

Do I need to install previous roll-ups before installing these??

I have Exchange 2003 on SBS 2003 R2, I need upgrade this exchange to improve mail services.


_______________________________________
<a href="http://www.solocigars.com" target="_blank" title="Solo Cigars">Cuban Cigars</a> | <a href="http://www.royalhabanos.com" target="_blank" title="Royal Habanos">Cuban Cigar </a>

We installed Update Rollup 4 for Exchange Server 2007 Service Pack 2 this weekend...

For some reason, our BIS connected Blackberrys no longer can send/recieve e-mail. (Standard Internet connected Blackberrys)   The BES Blackberrys (Enterprise connected) work just fine.

Blackberry Support says to call AT&T and T-Mobile...
Yeah right.

John

WARNING
Exchange 2003 KB976702 effectively breaks Activesync push to IPhones.

After install Iphones seem to hold the push connection open with lots of cmd=Ping commands.  This causes the battery to drain at a phenomenal rate.

Examining my Activesync logs before showed no use of cmd=Ping before KB976702, and afterwards it appears every couple of minutes.

Only work around is to drop Iphones off push and back to fetch :(

SERIOUSLY NOT IMPRESSED.

@David Aldridge:

David, we are not aware of this problem from what I am finding. Please open up a support case on this! We'd like to see a repro so we can figure it out.

We have installed Rollup 4 for exchange 2007 SP2 last week and we are facing lots of issue after installing the same like our Blackberry BIS users is not able to send and receive their email, our mail server being included on a spam house antispam list, this update resetted the SMTP setting and I got the below error also when our pop3 users trying to send any mail to external domain from outside our network.
“Sending' reported error (0x800CCC62): 'Your outgoing (SMTP) e-mail server has reported an internal error. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).”

@ David
Looks like the same thing happened to us - updated the server last night and all the iphones, ipads and Entourage clients stopped working.
configured my iphone not to push and went into the account turned off mail and turned it back on and it seemed to work.  
We started getting a bunch of server Acvtivesync warnings (event 3007) since the update.