Exchange Server 2003, 2007 and 2010 all perform the same functions but still have many differences. For instance, although the GUI doesn’t look much different, the core system is nearly all changed. When working with these changes we can often run into unexpected errors.

In Exchange we have a nice feature, which allows certain email addresses to only perform a set amount of operations. This feature known as a distribution group is frequently used as a method for grouping members by localities or responsibilities. As an Administrator we sometimes run into errors that are specifically caused by running mixed environments such as running Exchange 2007 and Exchange 2010 together.  When using a distribution group on one version of Exchange, it is important to keep track of the changes that have been made on another version of Exchange. Continue reading How to Correct Error Message “Only senders in the following list”

Two updates recently added to Microsoft Updates or that can be pushed through WSUS, SCCM, and other patch management applications may, at first glance, seem like good ones to have, but can cause significant problems for any version of Exchange 2007 and 2010. If you are running either of those platforms and tend to approve most updates for installation, you are going to want to pay special attention to this. If you tend only to approve those updates that you critically need, you may have less to worry about, but should still read on for more information on these two updates.

The two that we are discussing here are both to deploy Windows Management Framework 3.0 onto Server 2008 and Server 2008R2. WMF 3.0 offers significant new and/or upgraded administrative capabilities for the care and feeding of Windows 2008 servers including Continue reading Recent Updates Can Cause Problems for Exchange 2007 and 2010

Just last week, Microsoft re-released three key Update Rollups for Exchange Server. These include:

  Update Rollup 4-v2 for Exchange Server 2010 Service Pack 2 (KB2756485)

  Update Rollup 7-v2 for Exchange Server 2010 Service Pack 1 (KB2756496)

  Update Rollup 8-v2 for Exchange Server 2007 Service Pack 3 (KB2756497) Continue reading Microsoft Re-releases RUs for Exchange 2007 and 2010

In the hoopla running up to the Microsoft Exchange Conference two weeks ago in Orlando, it was easy for Redmond watchers to miss the company’s announcement that it would be releasing Service Pack 3 for Exchange 2010 in the first half of next year.

The announcement was short on details and a target date of “the first half of 2013″ was a little vague. Microsoft was in a bit of a bind, though. It had already scheduled a number of sessions at MEC about what must be done to get Exchange 2010 to play nice with Exchange 2013. The key to that was SP3, which was unannounced going into the week of the conference. So it appears that Microsoft, to avoid embarrassment, rushed out its sketchy announcement about the service pack.

What SP3 does is modify the Exchange 2010 servers so they can trade messages and proxy connections with Exchange 2013, as well as share the Active Directory schema necessary for supporting such new features as Data Leak Protection.

Microsoft’s General Manager for Exchange Customer Experience Kevin Allison explained in the announcement that Exchange 2010 administrators would have to update their Active Directory schema in order to take advantage of the new features in SP3. Those updates will be conveyed to Exchange 2010 users before the release of SP3 so they have plenty of time to plan their upgrade path.

Continue reading Microsoft Rushes Announcement of Exchange 2010 SP3 to Avoid MEC Snafu

In the past week, Microsoft’s Exchange team delivered Update Rollups for both Exchange 2007 SP3 and Exchange 2010 SP2, providing a host of fixes to the two messaging platforms. In this post, we are going to take a look at both new RUs to see what they hold for their respective versions. You should note that both RUs include the critical update for their respective Exchange version that we mentioned a few days ago. Since you should patch for that vulnerability anyway, the RUs are a good way to get that and several other important updates. Continue reading New RUs for both Exchange 2007 and Exchange 2010

As every Windows admin knows, the second Tuesday of every month is when Microsoft releases in-band patches and update for the Windows operating systems and the various server products, Office suites, and other Microsoft software. Exchange admins traditionally watch this with some awareness, but no great concern, but August 2012 is one of those months where Exchange admins need to pay close attention.

The advance notification Microsoft sends out ahead of “Patch Tuesday” shows that bulletin number 5 is all about Microsoft Exchange 2007 and 2010, and that this bulletin is rated Critical and the risk is Remote Code Execution. Many an admin likes to take a “wait and see” approach to security updates, but with a critical rating and a remote code execution risk, bulletin 5 means cancel your plans for next weekend-you’re going to want to apply this patch as quickly as you can test it out and get approvals. Continue reading Heads Up! Critical Update for Exchange Coming Tuesday

A vulnerability in some Oracle software could be leveraged by hackers to attack Microsoft Exchange Server 2007 and 2010 installations, as well as FAST Search Server 2010 for SharePoint.

The flaw has been identified in the code for the libraries of Oracle Outside In. The libraries can decode over 500 different file formats and are used by a number of programs including Oracle Fusion Middleware, Guidance Encase Forensics, AccessData FTK and Novell Groupwise.

Microsoft isn’t the only software maker that’s found the libraries troublesome. In July 2011, for instance, U.S. CERT posted a vulnerability note warning users of CorelDRAW that Outside In’s parser for that program contained a stack buffer overflow that could be exploited by intruders. Continue reading Oracle Flaw Allows Execution of Hacker Code on Exchange

Users of practically every supported version of Windows, whether desktop or server, 32 bit or 64 bit, and even the low attack surface Windows Server Core should immediately review Microsoft Security Bulletin MS11-100 and begin testing and deployment of this patch as soon as possible. The patch, covered in KB2638420 addresses four vulnerabilities in the Microsoft .NET Framework, including 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4. Three of the four were privately reported, while the last one has been publicly disclosed. Continue reading Microsoft Releases Critical, Out Of Band Update

December’s round of patches from Microsoft includes a patch for Microsoft Exchange 2007 SP2. This vulnerability is rated as a moderate, but I know several C level types who would consider anything that interrupts email as nothing short of a national disaster.

This vulnerability, which may also be discussed in CVE-2010-3937 (under review at the time of this writing,) can be exploited by an authenticated user making a specially crafted RPC call to an Exchange 2007 SP2 server running the mailbox role. Microsoft rates this as a moderate severity. Respectfully, I beg to differ.

Continue reading MS10-106 patches DoS vulnerability in Exchange 2007