959241 : Description of Update Rollup 6 for Microsoft Exchange Server 2007 Service Pack 1

So we all know RU6 is out, but have you checked out what it fixes? .. http://support.microsoft.com/kb/959241/en-us

Version2.0 says:

You use Microsoft Outlook Web Access (OWA) 2007 to access a mailbox on a computer that is running Microsoft Exchange Server 2007 Service Pack 1. When you download an .xls file attachment and then try to open the file, the downloaded file is empty.

This problem occurs if the .xls file contains XML data. In Exchange Server 2007, if a file that contains XML data is attached to a message, the XML content in files is removed when you open or save the attachment by using OWA.

 

In a Microsoft Exchange Server 2003 and Exchange Server 2007 coexisting environment, some free/busy messages are not successfully replicated from Exchange 2007 servers to Exchange 2003 servers after some mailboxes are migrated from an Exchange 2003 server to an Exchange 2007 server. Therefore, the updated free/busy messages of those migrated users are not available on the Exchange 2003 server. Additionally, the following error is logged in the application event log on the Exchange 2003 server.

Event Type: Error Event Source: MSExchangeFBPublish Event Category: General Event ID: 8207 Description: Error updating public folder with free-busy information on virtual machine . The error number is 0x80070057. </P> <P>&nbsp;</P> <UL> <LI> <P><A href=”http://support.microsoft.com/kb/956536/”><STRONG>956536</STRONG></A><STRONG&gt; (http://support.microsoft.com/kb/956536/ ) The Microsoft Exchange File Distribution service uses lots of memory and processor time when Exchange Server 2007 processes many OABs </STRONG></P></LI></UL> <P>On a Microsoft Exchange Server 2007 server, you create many Offline Address Books (OABs). After that, you may notice that the Microsoft Exchange File Distribution service uses lots of memory and processor time on a computer that has Microsoft Exchange Server 2007 Client Access Server (CAS) role installed. When this occurs, the Exchange 2007 CAS computer responds slowly and does not perform as expected. </P> <P>When Exchange Server 2007 processes OABs, the Exchange 2007 server uses temporary objects. However, those temporary objects are not controlled well. This may cause the size of the temporary objects to grow larger than expected on the computer.</P> <P>&nbsp;</P> <UL> <LI> <P><A href=”http://support.microsoft.com/kb/956624/”><STRONG>956624</STRONG></A><STRONG&gt; (http://support.microsoft.com/kb/956624/ ) The Microsoft Exchange Transport service crashes continuously after you enable journal rule or deploy an antivirus application on an Exchange Server 2007 server </STRONG></P></LI></UL> <P>After you enable journal rule or deploy an antivirus application on Exchange Server 2007, the Microsoft Exchange Transport service crashes continuously.</P> <P>When Exchange Server 2007 processes the filename of the attachments of certain digitally signed messages, an error causes a stack overflow.</P> <P>&nbsp;</P> <UL> <LI> <P><A href=”http://support.microsoft.com/kb/957748/”><STRONG>957748</STRONG></A><STRONG&gt; (http://support.microsoft.com/kb/957748/ ) The custom message class of contact object is overwritten by the normal IPM.Contact class when an Exchange 2007 server replicates the contact object to any other public store </STRONG></P></LI></UL> <P>When a Microsoft Exchange 2007 server replicates a Contact object that is using a custom form, the custom message class is overwritten by the normal <B>IPM.Contact</B> class during content conversion. This issue occurs when a public store is replicated from Exchange 2007 server to any other public store that is hosted on an Exchange 2007 server or on an Exchange 2003 server. As a result, Exchange users cannot use the custom message class of the contact object in the public folders in an Exchange 2007 related environment.</P> <P>&nbsp;</P> <UL> <LI><A href=”http://support.microsoft.com/kb/959239/”><STRONG>959239</STRONG></A><STRONG&gt; (http://support.microsoft.com/kb/959239/ ) MS09-003: Vulnerabilities in Microsoft Exchange could allow remote code execution </STRONG></LI></UL> <P>MS09-003 is interesting (<A title=http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx href=”http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx”>http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx</A&gt;)</P> <P>This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. </P> <P>The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.</P> <P>&nbsp;</P> <P>I wonder if this affects Blackberry?</P>

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: