Exchange 2013 Security Update MS13-061 not recommended to install

Few days ago Exchange Team relesed the first Security Update for Exchange 2013 (MS13-061).

This security update was rated as Critical and resolves three publicly disclosed vulnerabilities in Microsoft Exchange Server. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).

More information you can find here:

Microsoft Security Bulletin MS13-061 – Critical

Unfortunately after some people reported issues after installing new security update for Exchange 2013 MS13-061  (KB2874216), Microsoft pulled it untill further notice.

Installation of new security update MS13-061 can breaks your installation of Exchange 2013 and you can experience the following symptoms:

  • The content index (CI) for mailbox databases shows “Failed” on the affected server.
  • The Microsoft Exchange Search Host Controller service is missing.
  • You see a new service that is named “Host Controller service for Exchange.”


So now it’s not recommended to install MS13-061 on Microsoft Exchange 2013 servers.

Continue reading