- Update Rollup 11 for Exchange Server 2007 SP3
- Update Rollup 7 for Exchange Server 2010 SP2
- Update Rollup 2 for Exchange Server 2010 SP3
- Exchange Server 2013 RTM CU1 MSRC Security bulletin MS13-061
- Exchange Server 2013 RTM CU2 MSRC Security bulletin MS13-061
As with any new updates for Exchange, lab testing is a must. All the rollups include one particular security fix as well – MS13-061.
In fact, while installing Exchange 2010 SP3 RU2, there were reports of prompting for the Service Pack files for Exchange 2010 SP3. When installing the rollup update, you would get a prompt like this:
.
Since the files on my server are either no longer in this directory or were deleted, the Rollup Update is prompting for the new file location.
For Exchange 2007 SP3 RU11 the fixes are:
- 2852663 The last public folder database on Exchange 2007 cannot be removed after migrating to Exchange 2013
- 2688667 W3wp.exe consumes excessive CPU resources on Exchange Client Access servers when users open recurring calendar items in mailboxes by using OWA or EWS
- Microsoft Security Bulletin MS13-061 – Critical – Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
For Exchange 2010 SP2 RU 7 the fixes are:
- Microsoft Security Bulletin MS13-061 – Critical – Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
For Exchange 2010 SP3 RU2 the fixes are:
- 2837926 Error message when you try to activate a passive copy of an Exchange Server 2010 SP3 database: “File check failed”
- 2841150 Cannot change a distribution group that contains more than 1,800 members by using ECP in OWA in an Exchange Server 2010 environment
- 2851419 Slow performance in some databases after Exchange Server 2010 is running continuously for at least 23 days
- 2853899 Only the first page of an S/MIME signed or encrypted message is printed by using OWA in an Exchange Server 2010 environment
- 2854564 Messaging Records Management 2.0 policy can’t be applied in an Exchange Server 2010 environment
- 2855083 Public Folder contents are not replicated successfully from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010
- 2859596 Event ID 4999 when you use a disclaimer transport rule in an environment that has Update Rollup 1 for Exchange Server 2010 SP3 installed
- 2860037 iOS devices cannot synchronize mailboxes in an Exchange Server 2010 environment
- 2861118 W3wp.exe process for the MSExchangeSyncAppPool application pool crashes in an Exchange Server 2010 SP2 or SP3 environment
- 2863310 You cannot send an RTF email message that contains an embedded picture to an external recipient in an Exchange Server 2010 SP3 environment
- 2863473 Users cannot access Outlook mailboxes that connect to a Client Access server array in an Exchange Server 2010 environment
- 2866913 Outlook prompts to send a response to an additional update even though the response request is disabled in an Exchange Server 2010 environment
- 2870028 EdgeTransport.exe crashes when an email message without a sender address is sent to an Exchange Server 2010 Hub Transport server
- 2871758 EdgeTransport.exe process consumes excessive CPU resources on an Exchange Server 2010 Edge Transport server
- 2873477 All messages are stamped by MRM if a deletion tag in a retention policy is configured in an Exchange Server 2010 environment
- Microsoft Security Bulletin MS13-061 – Critical – Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
For Exchange 2013 CU1 and CU2, the only update is the MS13-061 update and the update links available from the Exchange Team Blog do not seem to work at this time. Please note that according to Microsoft you must have the latest version of CU2 for Exchange 2013 in order to apply this security update when it is available.
There are reports of various issues when applying this security fix for Exchange 2013. See HERE and HERE.
