This update adds support for the following Advanced Encryption Standard (AES) cipher suites in the Schannel.dll module for Windows Server 2003:
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA and TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
With this update, you can support 128-bit and 256-bit cipher suites without Cryptography Next Generation (CNG). This update enables you to use a higher cipher strength.
This update also fixes the interoperability issue between the Exchange server and the Sendmail server. This update also fixes the interoperability issue between the Exchange server and the Postfix server.
If you need your Server 2003 server to be able to read SHA2 certificates created with Server 2008's Certificate Services (of the CNG variety), which are more secure than RC4 based certificates, you will need KB
938397.
And last but not least, if you want to upgrade your Server 2003's IIS certsrv site to support Vista and 2008 clients properly, you'll want KB
922706.
Hopefully, someone at MS is watching and they will release all 3 of these updates as a Certificate Services update rollup for Server 2003 to make life easier for Exchange 2007/Office Communications Server admins that want to take advantage of stronger crypto.
