Support Overview

Help Desk

Online Service Request

Emergency IT Support

Security Alerts

Computer Usage Tips

Microsoft Security Patches in MS13-061 Break Exchange 2013

On August 13th, Microsoft released eight security bulletins.  One of those bulletins (MS13-061), which contains KB articles 2874216 with a patch, is causing content index for mailbox databases to fail on Exchange 2013 servers, which prevents Exchange e-mail users from searching their mailboxes.

Microsoft removed the 2874216 updates for Microsoft Exchange Server 2013 on August 14th after they became aware that installing it causes problems. The problem caused by the patch does not occur in Exchange 2007 or 2010 environments, only 2013.

The patch for MS13-061 fixes multiple vulnerabilities related to attachment viewing for various file formats.  The vulnerabilities have a severity rating of critical with an exploitability ranking of 2, exploit code would be difficult to build.  These vulnerabilities have been publicly disclosed.  There are no publicly known exploits at this time.

We recommend following Microsoft's advice about this update.  If you have already installed the MS13-061 patch for Exchange Server 2013, follow the steps in KB 2879739 to resolve this issue.  If you have not installed the MS13-061 patch on your Exchange 2013 servers, do not install the patch.  If you wish hold off on installing the patch, you should consider disabling the attachment viewing feature that contains the vulnerabilities.  To mitigate the security vulnerability, following the workaround steps identified in the Vulnerability Information – Oracle Outside in Contains Multiple Exploitable Vulnerabilities section in Microsoft Security Bulletin MS13-061.

In addition, MS13-066/KB2873872/KB2843638/KB2843639/KB2868846 patches for Active Directory Federation Services have all been removed.  MS13-063/KB2859537 a Windows Kernel patch has not been removed, but users are reporting problems with certain games after they install the patch in KB2859537.

Patch Management

Just a month ago, we warned about the patch in MS13-057 breaking WMV file rendering and recommended not installing it.

If you allow Windows Automatic Update to install patches soon after Microsoft releases them, you are accepting the risk that those patches will cause problems such as these two recent patches.  Except for patches that solve vulnerabilities that are being actively exploited, we recommend waiting a few days and monitoring whether or not newly released patches are causing problems.  All of the problems with these  patches were found within a few days of being released and delaying the installation of the patches just a few days would avoid the problems caused by the patches.  Ideally you should test patches in a separate test environment that is as close to your live production environment as possible to see if they will cause problems with your specific applications.  We provide a patch management service where we monitor the effects of recently released patches and install patches only after we have not seen reports of undesirable affects of the patches.

More Information

The Exchange Team Blog: Exchange 2013 Security Update MS13-061 Status Update

SC Magazine: Microsoft removes Exchange 2013 patch after customers report snafus

nakedsecurity: Microsoft pulls critical Patch Tuesday fix for Exchange 2013

InfoWorld: Microsoft botches six Windows patches in latest Automatic Update

Microsoft Security Bulletin MS13-061

Professional Services

If you need assistance installing patches or a security assessment, IT Professional Services can help. Please contact us.

If you do not have a patch management system or one that patches common non-Microsoft products such as Flash Player or Java, ITPS has a patch management service that patches Microsoft and common non-Microsoft products.

Find out more about our Managed Care service.

To find out how vulnerable your network is schedule a free network security analysis today.

Privacy Policy

© 2009-2013 IT Professional Services All rights are reserved.  (805) 650-6030