Update Rollup 23 for Exchange Server 2010 SP3

I was a bit surprised finding this one in my mailbox this morning, but Microsoft has released Update Rollup 23 for Exchange 2010 SP3. It’s a security update, and it solves the vulnerability that’s described in CVE-2018-8302 (Exchange memory corruption vulnerability).

A couple of things to be aware of:

  • This update is available via Windows Update and as such can be installed automatically.
  • The Visual C++ 2013 Redistributable package is now a required component. You can download this from https://www.microsoft.com/download/details.aspx?id=40784
    If it’s not installed, a pop-up warning will appear:
  • If you run the update manually, make sure you use evelated privileges (‘Run as Administrator’). Since you cannot run a .MSP file this way, open a command prompt with elevated privileges and start the Update Rollup from the command prompt. If you don’t use elevated privileges the update won’t install correctly, but doesn’t show a warning in this case. The result is that OWA and ECP might stop working.

Update Rollup 23 is available via the Download Center: https://www.microsoft.com/en-us/download/details.aspx?id=57219

As always…. please test before updating your production environment!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s