List of unpatchable exploits in MS Exchange 2003

Question

Possible Duplicate:
Where can I find a list of un-patched CVEs for a specific piece of software?

MS Exchange 2003 is no longer supported by Microsoft since April 2009.

However the Exchange 2003 server that I currently have is working just fine for me.
Is there a list of exploits in Exchange 2003 that are not patchable, so that I can make an informed decision on whether I need to upgrade urgently or not?

Links to unofficial patches to fix holes after the last security pack are also much appreciated.

Answer 1

One of the problems with unsupported software is that you simply don't know. Not only there is nobody to fix security bugs, but there's usually nobody to even collect and disseminate vulnerability reports. The problem becomes much worse with closed-source software.

I think it would be difficult to find issues, let alone create and distribute unofficial fixes. But even if someone were to spend time finding bugs in this old product, and they are kind enough to publish an unofficial fix. How would you be able to trust that this fix is genuine and doesn't introduce a trojan into your system? With nobody accountable or at a position of authority, it's hard to know who to trust.

That said, there's still a large number of people still using Internet Explorer 6, despite warnings that it is insecure, unsupported, and generally a really bad browser :)

Answer 2

Here the list of all known exploits from Secunia: http://secunia.com/advisories/product/1828/?task=advisories
Exchange 2003 has 13 advisories, 1 of which has not been patched.

Here's the link to the unpatched hole: http://secunia.com/advisories/14144/

The NVD database produces 22 entries on a search for exchange 2003 (although not all of these are holes in Exchange 2003 itself (some are holes in Outlook requiring exchange to be involved)) nvd search for exchange 2003