When you're writing a book about a new product, it's difficult to get everything right. In this case, chapter 6 of the Exchange 2003 book omits any serious mention of the Exchange 2003 security hardening guide. At the time I wrote the chapter, it was unclear whether MS was going to produce it or not; I based the material in the chapter on a draft version that was circulating. After a cursory review, I don't see anything explicit missing from the chapter except details on the security templates that are included; I'll update this post after I've had a chance to do a more thorough reading.

In chapter 2, I claimed that Outlook 97 supports S/MIME v3. This is patently absurd. The correct claim is that Outlook 98 supports S/MIME v1, and that Outlook 2000 SR1 and later support S/MIME v3. Hat tip: Karim Battish of Microsoft.

I don't have any errata yet, but instead of maintaining a separate static page, I've decided to create a new category for errata. What prompted this? I got mail from the guy at Microsoft Press who heads the support team for their security books, asking me if I'd answer reader email. "Shell, yes", I told him; the new category is preparation.