Moments ago, Microsoft released a bunch of Rollup Updates and (critical) security updates for Exchange:

  • Update Rollup 11 for Exchange Server 2007 SP3
  • Update Rollup 7 for Exchange Server 2010 SP2
  • Update Rollup 2 for Exchange Server 2010 SP3
  • Exchange Server 2013 RTM CU1 MSRC Security bulletin MS13-061
  • Exchange Server 2013 RTM CU2 MSRC Security bulletin MS13-061

By now, you should be familiar with the “traditional” way of how the Rollup Updates work for Exchange 2007 and 2010. New, however, are the security updates for Exchange 2013. As announced before, these security updates only have a limited scope within which they are supported.

As such, you’ll have to make sure that you are running either of the following Exchange 2013 versions:

  • Exchange 2013 RTM CU1
  • Exchange 2013 RTM CU2 v2

In case you’ve missed it: Yes, you need version 2 of CU2 for Exchange 2013 installed.

For more information on the updates, have a look at the original announcement here

Security Update MS13-061

It seems that Oracle is once to blame for the critical security update, which has already been announced a few days ago. As described on the Security Bulletin page, the vulnerability would allow to remotely execute code on your Exchange Servers.

In fact, there are multiple vulnerabilities of which 2 again have to do with WebReady Document viewing (just like earlier this year). The third vulnerability is because the feature called “Outside In” is used in DLP.

I haven’t had the opportunity to read more about it, but if you want the original announcement has been updated with more information:

Happy updating…!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s