Hi, I am not sure if I post in the right forum or not. Just received Microsoft Security Advisory (2401593), which asks to install Exchange 2007 SP3 to solve the vulnerability in OWA. I believe installing SP3 on CAS servers will be enough. Could someone please confirm? Thanks in advance, Eric

Hi I would suggest you to install it on all of your servers to eliminate the vulnerability Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

Thank you Jonas. But your post did not answer my question. Installing a Service Pack is not as easy/convenient as installing a hotfixe or a RU. There are some other reasons that prevent me, as well as others I am sure, from doing what you suggested, unless technically this is the only thing we have to do. To all the guys from MSFT, I think you should be able to find the answer easily, as you are working in MSFT. Please find the right team/person and ask this question and let us know ASAP - this security vulnerability is related to corporate email systems, not a free mail service, so should be dealt seriously. Thanks, Eric

Please see response here: http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/38137467-0811-4ba7-bd8d-205f3544d2cb