This week marked the release of the latest Update Rollup package for Exchange 2010 Service Pack 3. Update Rollup 3 (RU3) contains all security updates and patches that have been released for Exchange 2010 Service Pack 3 since its initial release. It does not contain any additional patches. Microsoft recommends that RU3 be deployed to all Exchange 2010 SP3 servers in your environment.Update rollups are designed to make it easier to patch systems, by including all updates that have come out since the initial product (or service pack version) was released. Unlike an Exchange 2010 Service Pack, the RU is not the full product. RU3 weighs in at just under 31MB and comes as an MSP file. You can install it by hand on each of your Exchange 2010 SP3 servers, or push it through your management system, like SCCM or LanGuard.
Microsoft Knowledge Base article 2891587 details all the fixes included in this RU. Here’s the short list for your reference.
- 2876063 MS13-061: Vulnerabilities in Microsoft Exchange Server could allow remote code execution: August 13, 2013
- 2715761 “550 5.6.0″ NDR when you send a yearly recurring meeting request in an Exchange Server 2010 environment
- 2839533 RPC Client Access service freezes in an Exchange Server 2010 environment
- 2840454 “The rules on this computer do not match the rules on Microsoft Exchange” error when you manage rules by using Outlook 2013 in an Exchange Server 2010 environment
- 2866064 Can’t load OWA Premium by using Internet Explorer 11 in an Exchange Server environment
- 2874070 Public folders are exposed although the user does not have rights to see the parent folders in an Exchange Server 2010 SP3 environment
- 2878175 Client Access server crashes when you use Outlook with a Riverbed WAN optimizer in an Exchange Server 2010 environment
- 2879320 Retention action setting is not updated in FAI items by running the Set-RetentionPolicyTag cmdlet in an Exchange Server 2010 environment
- 2879736 Office 365 users cannot retrieve an on-premises user’s free/busy data in an Exchange Server 2010-based hybrid deployment
- 2880153 RPC Client Access Service crashes if Outlook is in online mode in an Exchange Server 2010 environment
- 2880290 RPC Client Access service crashes when you use Outlook in ANSI online mode in an Exchange Server 2010 environment
- 2882467 RPC Client Access service stops if Outlook is in online mode in an Exchange Server 2010 environment
- 2882677 BlackBerry device is not redirected in an Exchange Server 2010 environment
- 2886469 EAS client receives status code 8 during synchronization in an on-premises Exchange Server 2010 environment
- 2886567 “Objects added to a BindingSource’s list must all be of the same type” error message when you add an additional domain name in Exchange Server 2010 SP3
- 2887574 RPC Client Access service freezes when your mailbox reaches the quota limit in an Exchange Server 2010 environment
- 2888406 Mailbox Replication service crashes when you try to move mailboxes in an Exchange Server 2010 environment
- 2888906 Events 1000, 4999, and 9775 are logged when Store.exe crashes on an Exchange Server 2010 SP3 Mailbox server
- 2888911 W3wp.exe crashes when you decline a meeting request by using Outlook Web App or an EWS application in an Exchange Server 2010 environment
- 2890650 Items in the Drafts folder are not stamped with the retention policy tag in an Exchange Server 2010 or 2013 environment
- 2891194 Exchange ActiveSync devices are marked as “Blocked” in EMS and EMC when the devices are synchronizing with the Exchange Server 2010 server
- 2892337 Outlook client freezes when you try to sort email folders by columns in an Exchange Server 2010 environment
- 2893437 Delegate can read your AD RMS protected messages by using Outlook Web App in an Exchange Server 2010 environment
- 2896304 Background image is displayed incorrectly in an email message when a disclaimer rule is enabled in an Exchange Server 2010 environment
- 2899146 You cannot drag email messages to other folders by using Outlook Web App in an Exchange Server 2010 environment
Here are some things you want to be aware of before installing RU3.
- Exchange servers without Internet access will need to connect to the Microsoft CRL endpoint to validate the signature on the binaries. If you don’t allow Internet access from these servers, you will need to disable CRL checking.
- Customized OWA pages will be overwritten. Make sure you save a copy of any custom logon.aspx page.
- CAS-CAS Proxy deployments should patch the Internet facing CAS server before the internal one.
- Windows Server 2012 systems running a double-byte character set version of the operating system must set their locale for non-Unicode programs to English (US.)
- Reboots are required.
Except for CAS-CAS proxy, there is no requirement to deploy this patch in any particular order, but I still like to start from the outside and work my way in. That means
- First patch the Edge Transport servers
- Next, the CAS.
- Then patch Hub Transport servers.
- Finally, patch the Mailbox servers.
- If you have UC servers, do them last.
And of course, you should make sure that ALL your Exchange servers are running the same patch level, so make sure all your Exchange 2010 servers have SP3 installed, and then apply RU3. Whew. Good thing that some of us have a long holiday weekend ahead of us. I’ll be patching while watching the parades, and staying out of everyone’s way in the kitchen! You can download RU3 from http://www.microsoft.com/en-us/download/details.aspx?id=41173.