Microsoft Exchange Server 2010 SP3




Software update: Microsoft Exchange Server 2010 SP3 Rollup 26

Microsoft has already released the twenty-sixth Rollup for the third Exchange Server 2010 service pack. Service Pack 3 was released in February 2013. Mainstream support from Microsoft ended in January 2015, but the extended support will continue until January 2020. In this extended period, only security and time zone updates will be implemented. The corresponding KB article with number 4487052 reports the following:

Update Rollup 26 for Exchange Server 2010 Service Pack 3

This update rollup is a security update. This update provides a security advisory in Microsoft Exchange. See Security Advisory ADV190004 for more information. It also resolves some vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0686 and Microsoft Common Vulnerabilities and Exposures CVE-2019-0724.

Known issues in this security update
When you try to manually install this update by double-clicking the update file (.msp) to run it in “normal mode” (that is, not as an administrator), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update does not correctly stop certain Exchange-related services.
To avoid this issue, follow these steps to manually install this security update:
Select Start, select All Programs, and then select Accessories.
Right-click Command prompt, and then select Run as administrator.
If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
Type the full path of the .msp file, and then press Enter.
This issue does not occur when you install the update from Microsoft Update.
Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state. To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update from an elevated command prompt. For more information about how to open an elevated command prompt, visit the following Microsoft webpage: Start a Command Prompt as an Administrator
Issues that this cumulative update fixes

This article in the Microsoft Knowledge Base article:
4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
Version number 2010 SP3 Rollup 26
Release status Final
Operating systems Windows Server 2008, Windows Server 2012
License type Paid


In: A Technology & Gadgets Asked By: [23633 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »