Hotfix for HMC 4.0 and HMC 4.5 released to avoid that Mail gets sent to unintended mail recipients because legacyExchangeDN strings get re-used in the system - Mike Kostersitz's WebLog - Site Home

This is a short note that the HMC product group has released a critical hotfix for both HMC 4.0 and HMC 4.5. The issue is as follows

HMC 4.x uses the Exchange 2007 default mechanism to stamp the legacyExchangeDN. As a result, it uses just the alias to stamp it. Hence, there are possibilities where alias get re-used when one has been deleted.

When the legacyExchangeDN has been re-used, replying some of the old mail or sometimes, selecting the recipient through the Outlook nickname cache will result in the mail get delivered to the unintended recipients. This may result in information being sent or disclosed to unintended party.

This has been address by the fix outlined in the KB articles 976864 for HMC 4.5 and 976865 for HMC 4.0.

Please follow the normal support process for your Solution Support contract to obtain the fix for your environment.

Don't have a Solution Support Contract for your HMC environment? Check this link http://technet.microsoft.com/en-us/serviceproviders/cc299490.aspx