In the latest Patch Tuesday cycle Microsoft has released a critical update for the currently supported versions of Exchange Server.

Exchange Server 2007 and 2010 receive security updates via update rollups, therefore new update rollups have been made available. These are:

  • Exchange 2007 SP3 RU12
  • Exchange 2010 SP2 RU8
  • Exchange 2010 SP3 RU4

Note that these update rollups contain no new fixes or changes other than the security update.

Exchange Server 2013 receives security updates as standalone updates, and the new security fix is available for:

  • Exchange 2013 CU2
  • Exchange 2013 CU3

Note that Exchange 2013 RTM and Exchange 2013 CU1 are not supported in the servicing model for Exchange Server 2013 and will not receive this security update. You should update to CU2 or CU3 (preferably CU3) so that the security update is available to you.

More information including links to the downloads is available in the MS13-105 bulletin.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for


  1. Tim Olsen

    Microsoft recommends removing CAS servers from their NLB cluster before updating. Do you know of any best practice documentation for updating CAS servers behind a hardware load balancer? Specifically a Big-IP F5. Unfortunately, F5’s deployment guides do not cover this.
    Thanks for your help,

Leave a Reply