RSSDays like Tuesday make me glad I'm using Office 365 now, and don't have to mess with updates to Exchange server (or SharePoint). It's someone else's job to install the updates.
Both Exchange 2010 and 2007 are affected by the remote code execution vulnerabilities described in Security bulletin MS13-012: Vulnerabilities in Microsoft Exchange Server could allow remote code execution: February 12, 2013
http://support.microsoft.com/kb/2809279
Updates to address the vulnerability are in Exchange 2010 SP2's Update rollup 6 and Exchange 2007' SP3s Update rollup 10, as well as in the newly released Exchange 2010 SP3.
More details are available in
Description of Update Rollup 10 for Exchange Server 2007 Service Pack 3
http://support.microsoft.com/kb/2788321
Description of Update Rollup 6 for Exchange Server 2010 Service Pack 2
http://support.microsoft.com/kb/2746164
Exchange 2010 SP3 contains all of the previously update rollups but the big news is that this updates will enable coexistence with Exchange 2013, supports Windows Server 2012 and IE10.
Description of Exchange Server 2010 SP3
http://support.microsoft.com/kb/2808208
From the KB article:
Coexistence with Exchange 2013:
You can now install Exchange Server 2013 in your existing Exchange Server 2010 organization. To do this, install Exchange Server 2013 Cumulative Update 1 (CU1). You cannot install Exchange Server 2013 in your existing Exchange Server 2010 organization by using Exchange Server 2013 RTM installation media. Note Exchange Server 2013 CU1 is also an installation medium for Exchange Server 2013.
Support for Windows Server 2012: You can now install and deploy Exchange Server 2010 on computers that are running Windows Server 2012.
Support for Internet Explorer 10: You can now use Internet Explorer 10 to connect to Exchange 2010.
