Exchange 2007 Update Rollups

So as you have read I have been playing with the two Update Rollups (1, 2)and the one things that gets me is that you have no way of knowing what patches are applied on what servers.

Until now ;-) So I have written some PowerShell that will get a list of all your Exchange 2007 with the exception of Edge servers.  It then uses WMI to connect to the servers registry and dump the Patches Registry key.  You can see the key here:

HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products461C2B4266EDEF444B864AD6D9E5B613Patches

So the output looks like this:

[PS] C:PS>.Get-ExchangeServerPlus.ps1

CAS01 [ClientAccess] [Standard] 8.0.535.0
– 20070418:  Update Rollup 1 for Exchange Server 2007 (KB930809) 8.0.708.3

CAS02 [ClientAccess] [Standard] 8.0.535.0
– 20070509:  Update Rollup 2 for Exchange Server 2007 (KB935490) 8.0.711.2

HUB01 [HubTransport] [Standard] 8.0.535.0
– 20070419:  Update Rollup 1 for Exchange Server 2007 (KB930809) 8.0.708.3
– 20070509:  Update Rollup 2 for Exchange Server 2007 (KB935490) 8.0.711.2

HUB02 [HubTransport] [Standard] 8.0.535.0
– 20070419:  Update Rollup 1 for Exchange Server 2007 (KB930809) 8.0.708.3

MBX01 [Mailbox] [Enterprise] 8.0.535.0
– 20070418:  Update Rollup 1 for Exchange Server 2007 (KB930809) 8.0.708.3

MBX03 [Mailbox] [Standard] 8.0.535.0
– 20070424:  Update Rollup 1 for Exchange Server 2007 (KB930809) 8.0.708.3

[PS] C:PS>

Here is the code,  I need to sort out a bit or error handling but it works!


#Get-ExchangeServerPlus.ps1
#v1.0 9th May 2007
#Written By Paul Flaherty
#blogs.flaphead.com

#Get a list of Exchange Server in the Org excluding Edge servers
$MsxServers = Get-ExchangeServer | where {$_.ServerRole -ne “Edge”} | sort Name

#Loop each Exchange Server that is found
ForEach ($MsxServer in $MsxServers)
{

    #Get Exchange server version
    $MsxVersion       = $MsxServer.ExchangeVersion

    #Create “header” string for output
    # Servername [Role] [Edition] Version Number
    $txt1 = $MsxServer.Name + ” [” + $MsxServer.ServerRole + “] [” + $MsxServer.Edition + “] ” + $MsxVersion.ExchangeBuild.toString()
    write-host $txt1

    #Connect to the Server’s remote registry and enumerate all subkeys listed under “Patches”
    $Srv = $MsxServer.Name
    $key = “SOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products461C2B4266EDEF444B864AD6D9E5B613Patches”
    $type = [Microsoft.Win32.RegistryHive]::LocalMachine
    $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
    $regKey = $regKey.OpenSubKey($key)

    #Loop each of the Subkeys (Patches) and gather the Installed date and Displayname of the Exchange 2007 patch
    Foreach($sub in $regKey.GetSubKeyNames())
    {
        Write-Host “- ” -nonewline
        $SUBkey = $key + $Sub
        $SUBregKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
        $SUBregKey = $SUBregKey.OpenSubKey($SUBkey)

        Foreach($SubX in $SUBRegkey.GetValueNames())
        {
            # Display Installed date and Displayname of the Exchange 2007 patch
            IF ($Subx -eq “Installed”)   {Write-Host $SUBRegkey.GetValue($SubX) -NoNewLine}
            IF ($Subx -eq “DisplayName”) {write-Host “: “$SUBRegkey.GetValue($SubX)}
        }
    }
        write-host “”
}

 

I will upload the zip in a couple of hours when I get home and this link will become alive 

Hope this helps.   Let me know if you have any feedback

Microsoft Security Bulletin MS07-026: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

Interesting .. http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx

This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

We recommend that customers apply the update immediately.

Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 — Download the update (KB931832)

Microsoft Exchange Server 2003 Service Pack 1 — Download the update (KB931832)

Microsoft Exchange Server 2003 Service Pack 2 — Download the update (KB931832)

Microsoft Exchange Server 2007 — Download the update (KB935490)

Outlook Web Access Script Injection Vulnerability
An information disclosure vulnerability exists in Microsoft Exchange in the way that Outlook Web Access (OWA) handles script-based attachments. An attached script could spoof content, disclose information, or take any action that the user could take within the context of the OWA session.

Affects:
Microsoft Exchange Server 2000 Service Pack 3    
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 2003 Service Pack 2

Malformed iCal Vulnerability
A denial of service vulnerability exists in Microsoft Exchange Server because of the way that it handles calendar content requests. An attacker could exploit the vulnerability by sending an e-mail message with specially crafted iCal file to a Microsoft Exchange Server user account. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.    

Affects:
Microsoft Exchange Server 2000 Service Pack 3    
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007

MIME Decoding Vulnerability
A remote code execution vulnerability exists in Microsoft Exchange Server because of the way that it decodes specially crafted e-mail messages. An attacker could exploit the vulnerability by sending a specially crafted e-mail to a Microsoft Exchange Server user account. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
    
Affects:
Microsoft Exchange Server 2000 Service Pack 3    
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007

IMAP Literal Processing Vulnerability
A denial of service vulnerability exists in Microsoft Exchange Server because of the way that it handles invalid IMAP requests. An attacker could exploit the vulnerability by sending a specially crafted IMAP command to a Microsoft Exchange Server configured as an IMAP server. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.

Affects:
Microsoft Exchange Server 2000 Service Pack 3