This is regarding the “Microsoft Security Bulletin MS10-024” – Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832). As we know, security related changes for Exchange 2007 and Exchange 2010 ship as Update rollups following the cumulative servicing model.
Per MS Exchange Product Group blog post, this security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service.
- Security Update for Exchange 2000 Server (KB976703)
- Security Update for Exchange Server 2003 Service Pack 2 (KB976702)
- Update Rollup 10 for Exchange Server 2007 Service Pack 1 (KB981407)
- Update Rollup 4 for Exchange Server 2007 Service Pack 2 (KB981383)
- Update Rollup 3 for Exchange Server 2010 (KB981401)
Recommendation. Based on Security Bulletin, the majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually.
For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.