All the latest UK technology news, reviews and analysis

Microsoft pulls critical Exchange Server 2013 security patch

15 Aug 2013

Microsoft has pulled a critical security update for its Exchange Server, following reports it blocked users from searching the email inbox.

Microsoft's director of Test Ross Smith revealed the recall in a blog post, confirming that the patch will be re-released once the search issue is resolved.

"Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed," he wrote. "Due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily."

Smith said the issue does not affect Exchange 2010 or Exchange 2007 and Microsoft has already released a workaround for businesses that have already installed the update. "If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue," he wrote.

He added that those who have not installed the update should use a workaround to plug the security flaw. "If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time," he wrote.

"To mitigate the security vulnerability, we recommend following the workaround steps identified in the 'Vulnerability Information – Oracle Outside In Contains Multiple Exploitable Vulnerabilities' section in Microsoft Security Bulletin MS13-061."

The security patch was released on Tuesday alongside other critical fixes for vulnerabilities in Microsoft's Internet Explorer and Unicode Scripts Processor services. Commentators in the security community have listed the recall as a semi-serious issue. Director of security research at Trustwave, Ziv Mador, said the nature of the vulnerability means hackers will inevitably try to take advantage of the delay, calling for businesses to use the workaround.

"Seeing as this is a critical update and that could result in remote code execution and that the patch has already been made available, even if for a short time, you have to assume that the bad guys are actively working on exploit code for this issue," he said.

"Microsoft thankfully included a workaround in the original Security Bulletin for this problem, which could help mitigate things until Microsoft can reissue the patch. It involves issuing some PowerShell commands on the server, which are detailed in the Security Bulletin."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Microsoft Azure outage

Is cloud computing reliable enough for business yet?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Financial Consultant - Liquidity

Purpose of The Role To support Treasury department...

Senior Mobile Web Developer- London, .Net, Mobile

Senior Mobile Web Developer- London, C#, .Net, Mobile...

MongoDB Development Lead (MEAN Stack)

My Client, one of the world’s largest online super powers...

Linux System Administrator

Job purpose To support the Operations manager in resolving...
To send to more than one email address, simply separate each address with a comma.