Microsoft released some security patches last month without revealing them to the public. Some of the fixes affected software in mission critical Exchange mail servers.

The patches were hidden in one of Microsoft’s periodic updates issued April 13, namely “Microsoft Security Bulletin MS10-024 – Important: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832).”

“This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service,” Microsoft said in the security bulletin’s executive summary.

“The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service,” it continued. “By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.

It added: “This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003; 32-bit and x64-based editions of Windows Server 2008; Windows Server 2008 R2 for x64-based Systems; and Microsoft Exchange Server 2003. This security update is rated Moderate for Microsoft Exchange Server 2000.”

Continue reading Microsoft releases stealth patches for Exchange