Microsoft Re-releases RUs for Exchange 2007 and 2010

Just last week, Microsoft re-released three key Update Rollups for Exchange Server. These include:

  Update Rollup 4-v2 for Exchange Server 2010 Service Pack 2 (KB2756485)

  Update Rollup 7-v2 for Exchange Server 2010 Service Pack 1 (KB2756496)

  Update Rollup 8-v2 for Exchange Server 2007 Service Pack 3 (KB2756497)

The main reason for this is that the digital signature used to sign the binaries on these three RUs were generated with a problem. Microsoft has processes in place to code-sign all binaries that are released by the Product Release and Security Services team. In the case of these three RUs, that signing resulted in a very short validity period. Usually, binaries are signed with much longer validity periods to ensure that they are considered good for the foreseeable lifespan of the file. In this case, the signatures on the original files would show very soon that they are no longer valid.

This can cause two problems. First, if you downloaded it earlier but won’t get around to applying it until much later, the binaries would fail the signature check and you would be unable to install them. The other issue arises should you choose to uninstall the RU in the future, or attempt to validate the signatures on all binaries. You might do that if you are concerned that the server was compromised or data was corrupted and just want to verify that all binaries are good. In either case, these would fail the signature validation, and that would either prevent you from running the uninstall, or worse, lead you to believe your server has been compromised. Neither is a good thing.

Microsoft is re-releasing several updates from the October batch including MS12-053, MS12-054, MS12-055, and MS12-058 and may re-release others in the future if they determine that any others have been signed using the short time-frame key. Keep an eye on Windows Update, the Microsoft Security bulletins, and if any impact Exchange, this blog for more details.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

Leave A Reply