All the latest UK technology news, reviews and analysis


Microsoft pulls critical Exchange Server 2013 security patch

15 Aug 2013
signage-microsoft

Microsoft has pulled a critical security update for its Exchange Server, following reports it blocked users from searching the email inbox.

Microsoft's director of Test Ross Smith revealed the recall in a blog post, confirming that the patch will be re-released once the search issue is resolved.

"Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed," he wrote. "Due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily."

Smith said the issue does not affect Exchange 2010 or Exchange 2007 and Microsoft has already released a workaround for businesses that have already installed the update. "If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue," he wrote.

He added that those who have not installed the update should use a workaround to plug the security flaw. "If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time," he wrote.

"To mitigate the security vulnerability, we recommend following the workaround steps identified in the 'Vulnerability Information – Oracle Outside In Contains Multiple Exploitable Vulnerabilities' section in Microsoft Security Bulletin MS13-061."

The security patch was released on Tuesday alongside other critical fixes for vulnerabilities in Microsoft's Internet Explorer and Unicode Scripts Processor services. Commentators in the security community have listed the recall as a semi-serious issue. Director of security research at Trustwave, Ziv Mador, said the nature of the vulnerability means hackers will inevitably try to take advantage of the delay, calling for businesses to use the workaround.

"Seeing as this is a critical update and that could result in remote code execution and that the patch has already been made available, even if for a short time, you have to assume that the bad guys are actively working on exploit code for this issue," he said.

"Microsoft thankfully included a workaround in the original Security Bulletin for this problem, which could help mitigate things until Microsoft can reissue the patch. It involves issuing some PowerShell commands on the server, which are detailed in the Security Bulletin."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
9%
9%
3%
65%
14%

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Infrastructure Analyst - Network

Infrastructure Analyst - £38K + Car Allowance + Hertfordshire...

Marketing Executive - Financial Software

Marketing Executive - Financial Software Location...

Senior Intergration Analyst

Senior Integration Analyst High Wycombe, Buckinghamshire...

Head of Project Management

Our client is looking for a an experienced Project Manager...
To send to more than one email address, simply separate each address with a comma.