Forum Discussion

rms373's avatar
rms373
Level 4
17 years ago

EV and Exchange critical patch MS09-003

Hello all,

 

I was just wondering if the MS Exchange critical update MS09-003 posted last week has any impact on EV, specifically EV6.0. Apologies if this is has been answered elswhere, a search of the forums and knowledge base didn't reveal anything.

 

I'm also wondering if this information is usually posted somewhere by Symantec as it comes to hand, so i can just check there in the future.

 

Thanks in advance

  • Hiya,

     

    Typically, Symantec EV aim to QA major version and service pack releases within 60 days of release, although this is not a hard and fast rule (for example, testing Windows 7 will probably take a while to properly test!).

     

    However we do not specifically test patches - if you bear in mind how many patches are releasd each month, and sometime re-released, a lot of cycles would be spent just by QA testing a patch that could be released again a week later.

     

    We do generally notice quickly if a patch causes issues as they are applied via automatic updates as par for the course, its just that each patch is not tested in itself.

     

    Hope that makes sense.

     

  • we are running EV 7.5 and have deployed the patch without any issues.

     

    Please note we are journaling and not mailbox archiving

     

     

  • We have loaded this patch on a development Exchagne server with no issues.  Dont forget to load the patch on your EV servers as well as it changed CDO.dll and mapi32.dll. 
  • Hello. Are you sure it needs to be applied to the EV-server's also? I do understand that it changes the dll's mentioned, but do these need to be in sync on the ev-servers? Have this been recommended by Symantec?

     

    Did you test on the dev. environment what happens if you do not apply the patch?

     

    Sorry for asking, but I am running a large env. currently no dev.env. available.

     

    Thanks for info.

    Gertjan

     

     

  • My understaning and what i've gathered from the two first posts is that it is an Exchange-only update and does not need to be installed on EV... did WSUS (if you use it) ear-mark that update to be installed on the EV server? Mine didn't, its only ear-marked that update to be installed on the Exchange server, did you force the update on the EV server?

     

    I can appreciate that it is important the versions of these files stay the same on EV & Exchange; that's why i posted the initial query, as i'm led to believe the patch does not get installed on EV, just Exchange - even though some files may be version mis-matched.

  • The MS bulletin has been updated to include ESM installations;

     

    "...I am a third-party application developer and I recommend that customers install Exchange System Management tools for Exchange Server 2003 as a prerequisite in order to use my application. How do they update it? 
    Customers who are running only the Exchange System Management tools for Exchange Server 2003 should install the security update for Exchange Server 2003 Service Pack 2 (KB959897) to be protected from the vulnerabilities described in this bulletin...."

     

    So i wonder if this means the patch DOES need to be installed on EV servers?

  • I have always followed that method of anytime cdo or mapi32 dll change you update your supporting applications (Blackberry and EV).  I have a case open with support and have asked for their official stance on the subject.  We have an 8000 user deployment with EV 7.5 and also dont want to risk much when we deploy. 

  • Installs of EV no longer list ESM as a pre-req on the EV Servers, only outlook.

     

    For customers who want to synchronise inherited permissions, ESM is required, no other operations (archiving,retrieval etc) use any of the ESM binaries. Installing this hotfix will therefore not affect EV functionality.

     

    If Microsoft state that you should install this if you are running ESM then you should do so.