Microsoft has released security updates for Exchange 2000 SP3, Exchange 2003 SP2, Exchange 2007 SP1/SP2 and Exchange 2010. For both Exchange 2007 and 2010 this security fix is  included in a rollup. For Exchange 2007 SP1 this is the 10th rollup, for Exchange 2007 the 4th and for Exchange 2010 the 3rd.

The update applies a fix to the Windows SMTP service because of a vulnerability which was recently found. This made it possible to perform a DOS attack on the Windows SMTP service.

Below you will find the links to the patches and a link to the security bulletin which has been published about this  vulnerability.

Exchange 2000 SP3: open

Exchange 2003 SP2: open

Exchange 2007 SP1: open

Exchange 2007 SP2: open

Exchange 2010: open

Microsoft Security Bulletin MS10-024: open


Johan Veldhuis