MS06-029: Vulnerability in Microsoft Exchange Server could allow script injection when Exchange Server runs Outlook Web Access

Microsoft has released security bulletin MS06-029. The security bulletin contains all the relevant information about the security update for Microsoft Exchange Server 2003 and for Microsoft Exchange 2000 Server Service Pack 3 (SP3). This includes file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site: If you are using Microsoft Exchange Server 2003 Service Pack 1 (SP1) or Microsoft Exchange Server 2003 Service Pack 2 (SP2) and you install this security update, third-party services such as BlackBerry or GoodLink may be affected. Shared mailboxes and Microsoft Entourage delegation scenarios may also be affected.

If you are using Microsoft Exchange 2000 Server Service Pack 3 (SP3) and you install this security update, these issues do not apply.

If you are using Microsoft Exchange Server 2003 Service Pack 1 (SP1) or Microsoft Exchange Server 2003 Service Pack 2 (SP2), click the following article number to view the article in the Microsoft Knowledge Base before you install this security update.


The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.