search cancel

Symantec Mail Security for Microsoft Exchange hotfixes for Decomposer vulnerabilities

book

Article ID: 150408

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

 

Resolution

To mitigate the risks that Decomposer vulnerabilities posed, the following hotfixes are available for Symantec Mail Security for Microsoft Exchange.

You must apply the appropriate hotfix to your Symantec Mail Security for Microsoft Exchange version from the following list:

SMSMSE Version

Hotfix Number

Hotfix contents

Download

SMSMSE 7.0.0 to 7.0.4

SMSMSE_7.0_3966002_HF2.1

  • ApplyHF.ps1 - Tool to deploy the hotfix automatically.
  • Readme - Explains the steps to deploy the hotfix manually or automatically.
  • DecSDK.dll, Dec2.dll and definitions folder.

SMSMSE_7.0_3966002_HF2.1.zip

SMSMSE 7.5.0 to 7.5.4

SMSMSE_7.5_3966008_VHF2.2

  • ApplyHF.ps1 - Tool to deploy the hotfix automatically.
  • Readme - Explains the steps to deploy the hotfix manually or automatically.
  • DecSDK.dll, Dec2.dll, definitions folder and BEIK folder.

SMSMSE_7.5_3966008_VHF2.2.zip

SMSMSE 6.5.8

SMSMSE_6.5.8_3968140_HF2.3

Note: You must upgrade to SMSMSE 6.5.8 if you have SMSMSE 6.5.7 or earlier version.

  • Readme - Explains the steps to deploy the hotfix manually.
  • DecSDK.dll, Dec2.dll and definitions folder.

SMSMSE_6.5.8_3968140_HF2.3.zip

Applying the hotfix

For the detailed instructions on how to apply the hotfix, see the Readme.txt file in the attached zip file.

About the Decomposer vulnerabilities

For more information about the Decomposer vulnerabilities, see Advisory-I and Advisory-II.

Common questions

Q: If I upgrade Symantec Mail Security for Microsoft Exchange (SMSMSE) will I need to reapply the hotfix?

A: The provided hotfix replaces components of the SMSMSE installation with components that are not impacted by the vulnerability. Upgrading or installing any product version indicated in this article would require the patch be applied.

Q: How can I determine if the patch is already applied to the currently installation of Symantec Mail Security for Microsoft Exchange?

A: To determine if the patch is already applied perform the following steps:

  1. Navigate to <Install Path>\SMSMSE\<version #>\Server.
  2. Right-Click Dec2.dll and choose Properties
  3. Click the Details tab.
    If the listed Product version is 5.4.7.5 then the patch has already been applied.

Attachments

SMSMSE_7.5_3966008_VHF2.2.zip get_app
SMSMSE_7.0_3966002_HF2.1.zip get_app
SMSMSE_6.5.8_3968140_HF2.3.zip get_app