All the latest UK technology news, reviews and analysis


Microsoft pulls critical Exchange Server 2013 security patch

15 Aug 2013
signage-microsoft

Microsoft has pulled a critical security update for its Exchange Server, following reports it blocked users from searching the email inbox.

Microsoft's director of Test Ross Smith revealed the recall in a blog post, confirming that the patch will be re-released once the search issue is resolved.

"Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed," he wrote. "Due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily."

Smith said the issue does not affect Exchange 2010 or Exchange 2007 and Microsoft has already released a workaround for businesses that have already installed the update. "If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue," he wrote.

He added that those who have not installed the update should use a workaround to plug the security flaw. "If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time," he wrote.

"To mitigate the security vulnerability, we recommend following the workaround steps identified in the 'Vulnerability Information – Oracle Outside In Contains Multiple Exploitable Vulnerabilities' section in Microsoft Security Bulletin MS13-061."

The security patch was released on Tuesday alongside other critical fixes for vulnerabilities in Microsoft's Internet Explorer and Unicode Scripts Processor services. Commentators in the security community have listed the recall as a semi-serious issue. Director of security research at Trustwave, Ziv Mador, said the nature of the vulnerability means hackers will inevitably try to take advantage of the delay, calling for businesses to use the workaround.

"Seeing as this is a critical update and that could result in remote code execution and that the patch has already been made available, even if for a short time, you have to assume that the bad guys are actively working on exploit code for this issue," he said.

"Microsoft thankfully included a workaround in the original Security Bulletin for this problem, which could help mitigate things until Microsoft can reissue the patch. It involves issuing some PowerShell commands on the server, which are detailed in the Security Bulletin."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
21%
4%
44%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Application Support Engineer (C++, SQL, RDBMS, .NET, VB, Perl)

Application Support Engineer (C++, SQL, RDBMS, .NET...

Software Developer -Mobile Gaming

We are looking to expand our core technical team with...

Trainee 1st Line IT Support Engineer/Technician

Trainee 1st Line IT Support Engineer/Technician Learning...

Test Engineer

Test Engineer Summary As a Test Engineer you...
To send to more than one email address, simply separate each address with a comma.