Updated Release of MS13-061 Security Update for Exchange Server 2013

Few days ago we wrote about security update MS13-061, after installation it caused few errors in Exchange 2013 environment.

We wrote about this here:

Exchange 2013 Security Update MS13-061 not recommended to install

 

This security update was removed from Microsoft Download Center on 08/14/2013

Today Exchange Team released updated security updates for both Exchange 2013 RTM CU1 and Exchange 2013 RTM CU2.

 

You can download security update here:

 

As always we recommend to test updates in lab environment first.

More information you can find on Exchange Team Blog

Exchange 2013 Security Update MS13-061 not recommended to install

Few days ago Exchange Team relesed the first Security Update for Exchange 2013 (MS13-061).

This security update was rated as Critical and resolves three publicly disclosed vulnerabilities in Microsoft Exchange Server. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).

More information you can find here:

Microsoft Security Bulletin MS13-061 – Critical

Unfortunately after some people reported issues after installing new security update for Exchange 2013 MS13-061  (KB2874216), Microsoft pulled it untill further notice.

Installation of new security update MS13-061 can breaks your installation of Exchange 2013 and you can experience the following symptoms:

  • The content index (CI) for mailbox databases shows “Failed” on the affected server.
  • The Microsoft Exchange Search Host Controller service is missing.
  • You see a new service that is named “Host Controller service for Exchange.”

 

So now it’s not recommended to install MS13-061 on Microsoft Exchange 2013 servers.

Continue reading