Microsoft Security Bulletin MS11-100 and Exchange Server

We are a little confused - Is the reason for this post because the security update was an out-of-band release that hadn't officially been tested with Exchange yet and the assumption on our part should be that all regularly monthly security updates have already gone through this type of testing with Exchange - or - is this something new where all security updates regarding integral Exchange pieces like .NET Framework will get an official sign off by the Exchange team in a forum like this?

The reason I asked is because we had already applied the out-of-band update and we are a little nervous as to why you all officially signed off on it which you usually don't do.

@HotFix: Thanks for the feedback. We frequently get questions about specific updates, particularly the ones that are critical enough to be released "out-of-band" (i.e. between the scheduled monthly updates). Questions such as: does this apply to Exchange Server/Windows Server version xxxx? do I need to apply it on CAS only, or all servers?

This update also deserves special attention because it was released during a period when many are away celebrating and may have missed it.

If you proactively review security bulletins and apply updates, you're good. If a security update has been released by Microsoft, you can apply it to affected servers. This post is not a sign-off and no sign-offs are required.

We've previously blogged about another security update (see Microsoft Security Advisory 2416728, the ASP.NET Vulnerability, and Exchange Server), and will continue to do so as required to address customer questions.

Maybe a stupid question but does TMG provide any protection or does the vulnerability pass right through it, thus affecting an Exchange server?  Thank you.

@Pete: The bulletin inludes multiple vulnerabilities and it'd depend on how TMG's configured. For example, you can be alerted for one of the vulnerabilities if you have the Network Inspection System's IDS signature updated. You can configure TMG to block that traffic instead of alerting. See details and discussion in Forefront TMG - NIS Update for CVE-2011-3414. You'd need to contact the TMG team for more details.

But TMG can only protect you if the traffic passes through it.

Regardless, we strongly recommend applying the security updates.

This info is good to have at any rate  - MS11-100 caused a mission critical app to fail on us this morning.  We had to pull the update and inform the vendor.

Hello,

WSUS has presented a number of our Windows 2003 R2 x64 servers (hosting Exchange 2007) with this patch to be installed, however the installation fails on all of them?

Any advice?

Addition to above post: I should clarify that it is specifically the .NET 1.1 version of the patch.

.net installs can be troublesome and sometimes fail.  What's the error code you are getting, and I'd post in either the Exchange software updates forum, a Windows update forum or check out www.patchmanagement.org to sign up for and post questions about patching issues.

BONJOUR,

pourquoi cette mise a jour ne cesse de ce représenter après le téléchargement et l’installation ça fait bien la 20 ème identique que j'installe. assus N71g,  Windows 7 x 64 v 6.1.7601 sp1, IC2 duo, Nvidia Geforce GT 220M.

merci pour vous réponses.

cordialement.

@JC: Bonjour. Vous devrez demander que dans un forum de Windows.