Microsoft KB Archive/912442

= MS06-029: Vulnerability in Microsoft Exchange Server could allow script injection when Exchange Server runs Outlook Web Access =

Article ID: 912442

Article Last Modified on 10/30/2007

-

APPLIES TO

 Microsoft Exchange Server 2003 Service Pack 2, when used with:  Microsoft Exchange Server 2003 Enterprise Edition

 Microsoft Exchange Server 2003 Standard Edition  Microsoft Exchange Server 2003 Service Pack 1 Microsoft Exchange Server 2000 Service Pack 3

-

<div class="summary_section">

Microsoft has released security bulletin MS06-029. The security bulletin contains all the relevant information about the security update for Microsoft Exchange Server 2003 and for Microsoft Exchange 2000 Server Service Pack 3 (SP3). This includes file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms06-029.mspx

If you are using Microsoft Exchange Server 2003 Service Pack 1 (SP1) or Microsoft Exchange Server 2003 Service Pack 2 (SP2) and you install this security update, third-party services such as BlackBerry or GoodLink may be affected. Shared mailboxes and Microsoft Entourage delegation scenarios may also be affected.

If you are using Microsoft Exchange 2000 Server Service Pack 3 (SP3) and you install this security update, these issues do not apply.

If you are using Microsoft Exchange Server 2003 Service Pack 1 (SP1) or Microsoft Exchange Server 2003 Service Pack 2 (SP2), click the following article number to view the article in the Microsoft Knowledge Base before you install this security update.

912918 Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbwinxppresp2fix kbbug kbfix kbwinserv2003presp1fix kbwin2000presp5fix kbwinnt400presp7fix kbpubtypekc KB912442

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.