Hunter Strategies LLC logo

Microsoft News Tracker

What's more interesting than observing Microsoft?

January 11, 2006

Change to Microsoft Support Lifecycle fixes Exchange 5 flaw

Posted by David Hunter at 9:18 PM ET.

Yesterday, Microsoft introduced a minor change to its Lifecycle Support policy:

Support for products traditionally has ended at the end of a calendar quarter – Dec. 31, March 31, June 30 or Sept. 30, mere days before the second Tuesday of the following month, when Microsoft issues security updates. For some customers, that timing has meant they have not been able to take advantage of potential fixes for products for which support has just ended.

Effective today, Microsoft is changing that by matching the date the product-support lifecycle ends with the regular, monthly security update release cycle. Specifically, products for which support ended Dec. 31, 2005 — namely Microsoft Exchange Server 5.5 – are supported until today, when Microsoft is issuing a security update for the server, company officials say.

And apparently the change was just in time for Exchange 5 users:

The change most impacts Exchange 5.0 and 5.5 users, who were to be cut off from all support — including critical security updates — as of the end of 2005, but who received a patch for a critical vulnerability Tuesday.

“This is a very good thing for our customers in terms of our Trustworthy Computing initiative,” Vargas added.

It may have more to do with the severity of the vulnerability than with any Microsoft initiative.

“This bug has massive financial implications,” claimed Mark Litchfield, co-founder and director of NGS Software, the U.K.-based security company credited with discovering the flaw. “If enterprises didn’t patch yesterday, they’d better be patching today,” he added.

The vulnerability affects older editions of Microsoft Exchange, from the now-obsolete 5.0 and 5.5 through Exchange 2000 Server. Microsoft Exchange Server 2003, however, is immune.

The changes haven’t been reflected on the various lifecycle information pages yet.

Filed under Exchange, Obsolescence, Patch Tuesday, Security, Servers

Related posts:


One Response to “Change to Microsoft Support Lifecycle fixes Exchange 5 flaw”

  1. Microsoft News Tracker » More on the Exchange Server and Outlook bug Says:

    [...] As mentioned yesterday, Microsoft changed their lifecycle support policy to get in one last security fix for Exchange 5.0 and Exchange 5.5. It’s just as well, because Microsoft’s Newest Bug Could Be Awful, Researcher Says: “What I find bizarre is that there’s still all this focus on the WMF [Windows Metafile] bug,” said Mark Litchfield, the director of NGS Software, a U.K.-based security company, and one of the two researchers credited by Microsoft with the discovery of the TNEF (Transport Neutral Encapsulation Format) vulnerability. … “You could take over an Exchange server with a single, simple e-mail,” he said. “From there you could target all the clients accessing that server. You would ‘own’ any Outlook client that connects to that server. Then an attacker could grab the Outlook users’ address books. [...]

News Search:

Recent Posts:

Daily Digest Email:

Enter your Email

Powered by FeedBlitz


Full category list


Archive List

RSS Feed:

HunterStrat Links:


  • Powered by WordPress.