Microsoft Security Patches in MS13-061 Break Exchange 2013
08/15/2013
On August 13th, Microsoft released eight security bulletins.
One of those bulletins, MS13-061, includes the patch in KB article
2874216, which is causing the content index for mailbox databases to
fail on Exchange 2013 servers. This prevents Exchange e-mail users from
searching their mailboxes.
Microsoft removed the 2874216 updates for Microsoft Exchange Server
2013 on August 14th after becoming aware that installing them causes
problems. The problem caused by the patch does not occur in Exchange
2007 or 2010 environments, only 2013.
The patch for MS13-061 fixes multiple vulnerabilities related to
attachment viewing for various file formats. The vulnerabilities have a
severity rating of critical with an exploitability ranking of 2, meaning
exploit code would be difficult to build. These vulnerabilities have
been publicly disclosed. There are no publicly known exploits at this
time.
We recommend following Microsoft's advice about this update. If you
have already installed the MS13-061 patch for Exchange Server 2013,
follow the steps in KB 2879739 to resolve this issue. If you have not
installed the MS13-061 patch on your Exchange 2013 servers, do not
install the patch. If you wish to hold off on installing the patch, you
should consider disabling the attachment viewing feature that contains
the vulnerabilities. To mitigate the security vulnerability, follow the
workaround steps identified in the "Vulnerability Information – Oracle
Outside In Contains Multiple Exploitable Vulnerabilities" section in
Microsoft Security Bulletin MS13-061.
In addition, the MS13-066/KB2873872/KB2843638/KB2843639/KB2868846
patches for Active Directory Federation Services have all been removed.
MS13-063/KB2859537, a Windows Kernel patch, has not been removed, but
users are reporting problems with certain games after they install the
patch in KB2859537.
Patch Management
Just a month ago, we warned about the patch in MS13-057 breaking WMV file rendering and recommended not installing it.
If you allow Windows Automatic Update to install patches soon after
Microsoft releases them, you are accepting the risk that those patches
will cause problems such as those caused by these two recent patches.
Except for patches that fix vulnerabilities that are being actively
exploited, we recommend waiting a few days and monitoring whether newly
released patches are causing problems. All of the problems with these
patches were found within a few days of release, and delaying
installation by just a few days would have avoided them. Ideally, you
should test patches in a separate test environment that is as close to
your live production environment as possible to see whether they will
cause problems with your specific applications. We provide a patch
management service in which we monitor the effects of recently released
patches and install them only after we have seen no reports of
undesirable effects.
More Information
The Exchange Team Blog: Exchange 2013 Security Update MS13-061 Status Update
SC Magazine: Microsoft removes Exchange 2013 patch after customers report snafus
nakedsecurity: Microsoft pulls critical Patch Tuesday fix for Exchange 2013
InfoWorld: Microsoft botches six Windows patches in latest Automatic Update
Microsoft Security Bulletin MS13-061
Professional Services
If you need assistance installing patches or a security assessment, IT Professional
Services can help. Please contact us.
If you do not have a patch management system, or have one that does not
patch common non-Microsoft products such as Flash Player or Java, ITPS
has a patch management service that patches Microsoft and common
non-Microsoft products.
Find out more about our Managed Care service.
To find out how vulnerable your network is, schedule a free network
security analysis today.