I was a bit surprised finding this one in my mailbox this morning, but Microsoft has released Update Rollup 23 for Exchange 2010 SP3. It’s a security update, and it solves the vulnerability that’s described in CVE-2018-8302 (Exchange memory corruption vulnerability).
A couple of things to be aware of:
- This update is available via Windows Update and as such can be installed automatically.
- The Visual C++ 2013 Redistributable package is now a required component. You can download this from https://www.microsoft.com/download/details.aspx?id=40784
If it’s not installed, a pop-up warning will appear:
- If you run the update manually, make sure you use evelated privileges (‘Run as Administrator’). Since you cannot run a .MSP file this way, open a command prompt with elevated privileges and start the Update Rollup from the command prompt. If you don’t use elevated privileges the update won’t install correctly, but doesn’t show a warning in this case. The result is that OWA and ECP might stop working.
Update Rollup 23 is available via the Download Center: https://www.microsoft.com/en-us/download/details.aspx?id=57219
As always…. please test before updating your production environment!