Microsoft has just released its quarterly updates for the on-premises versions of Exchange server. Normally, the company just releases for versions still under full support. But, this time, the company has also released an update for Exchange Server 2010 which is in the Extended Support phase lifecycle to resolve the following issue…
Our deployment guidance states when these versions are deployed together, load balancer VIP’s can (should) be pointed to servers running Exchange Server 2016. Exchange Server 2016 will proxy calls to an appropriate server version based upon where the mailbox being accessed is located. We have become aware of a condition which could allow proxied EWS calls to gain access to mailboxes on the 2010 server to which a user should not have access.
This scenario is very real for those companies installing multiple versions of Exchange in an effort to migrate to the latest version and avoid being left unsupported using Exchange 2010.
Here’s everything that’s available right now…
- Exchange Server 2016 Cumulative Update 8 (KB4035145), Download, UM Lang Packs
- Exchange Server 2013 Cumulative Update 19 (KB4037224), Download, UM Lang Packs
- Exchange Server 2010 Update Rollup 19 (KB4035162), Download
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!