Security Patch for Exchange Released

Security bulletin MS13-105 was released by Microsoft and it affects these products:

  • Exchange Server 2007 SP3
  • Exchange Server 2010 RTM, SP1, SP2, and SP3
  • Exchange Server 2013 CU2
  • Exchange Server 2013 CU3

Exchange 2007 and 2010 get new Rollup Updates, while Exchange 2013 just gets a security patch.

Information about the patch can be found here – patch here. This release is included in the Rollup Updates for Exchange 2010 as follows:

Exchange 2007 SP3 RU12 – http://support.microsoft.com/kb/2903911
Exchange 2010 RTM RU5 – http://support.microsoft.com/?kbid=2407113
Exchange 2010 SP1 RU8 – http://support.microsoft.com/kb/2787763
Exchange 2010 SP2 RU8 – http://support.microsoft.com/kb/2903903/en-us
Exchange 2010 SP3 RU4 – http://support.microsoft.com/kb/2905616
Exchange 2013 RU1 – http://www.microsoft.com/downloads/details.aspx?FamilyID=e5c9ecf5-e36f-4164-9960-c91d01a83521
Exchange 2013 RU2 – http://www.microsoft.com/downloads/details.aspx?FamilyID=35f891ce-8a0d-4d25-abe1-ea45ec81b4e0

A brief summary of the fix from Microsoft:
This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

I’ve had one customer report that OWA was broken on his Exchange 2007 SP3 Server and he was able to uninstall and reinstall CU11. From the error message they reported, the fix would have been to reinstall RU12.

Advertisements

One thought on “Security Patch for Exchange Released

  1. Pingback: interesting things i have seen on the internet 30/12/2013 | 503 5.0.0 polite people say HELO

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s