- SMB Spotlight
Microsoft has pulled a critical security update for its Exchange Server, following reports it blocked users from searching the email inbox.
Microsoft's director of Test Ross Smith revealed the recall in a blog post, confirming that the patch will be re-released once the search issue is resolved.
"Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed," he wrote. "Due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily."
Smith said the issue does not affect Exchange 2010 or Exchange 2007 and Microsoft has already released a workaround for businesses that have already installed the update. "If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue," he wrote.
He added that those who have not installed the update should use a workaround to plug the security flaw. "If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time," he wrote.
"To mitigate the security vulnerability, we recommend following the workaround steps identified in the 'Vulnerability Information – Oracle Outside In Contains Multiple Exploitable Vulnerabilities' section in Microsoft Security Bulletin MS13-061."
The security patch was released on Tuesday alongside other critical fixes for vulnerabilities in Microsoft's Internet Explorer and Unicode Scripts Processor services. Commentators in the security community have listed the recall as a semi-serious issue. Director of security research at Trustwave, Ziv Mador, said the nature of the vulnerability means hackers will inevitably try to take advantage of the delay, calling for businesses to use the workaround.
"Seeing as this is a critical update and that could result in remote code execution and that the patch has already been made available, even if for a short time, you have to assume that the bad guys are actively working on exploit code for this issue," he said.
"Microsoft thankfully included a workaround in the original Security Bulletin for this problem, which could help mitigate things until Microsoft can reissue the patch. It involves issuing some PowerShell commands on the server, which are detailed in the Security Bulletin."