The Exchange 2000 Service Pack 3, however, will be released specifically to address issues the company discovered under its recent Trustworthy Computing initiative, said Jim Bernardo, product manager for the Microsoft's .net Enterprise Server team.
As part of the initiative, each division at Microsoft underwent a code review, checking each piece of software in search of vulnerabilities.
"We spent six or seven weeks scrubbing code" with Exchange 2000, Bernardo said. "The service pack will include changes and fixes based on the scrub we did."
One security feature that will be added to Exchange 2000 with the service pack release configures the server software with all the features "locked down" by default. To take advantage of some of the non-essential features of the software, such as special network extensions, administrators will have to activate the various settings in the software manually.
The service pack will also include a security tweak that will help prevent buffer over-runs, Bernardo said. Buffer over-runs occur when an attacker overflows the amount of memory assigned to a specific task on a computer. It can result in unpredictable behaviour such as crashes, denial of service and code execution.
No new product features will be added to Exchange 2000 with Service Pack 3. However, one existing feature that allows Exchange to work with Windows .net Server has been overhauled. Microsoft plans to release Windows .net Server, the next version of Windows 2000 Server, by the end of the year.