Security updates for Exchange December 2013


Updated: 10 December.

As anticipated, Microsoft released a set of security bulletins on Tuesday, December 10. Among the set, MS13-105 addresses a number of vulnerabilities in Exchange 2007, 2010, and 2013. The following updates have been released:

These vulnerabilities are addressed in the updates:

The roll-up updates for Exchange 2007 and 2010 contain nothing more than these fixes. As such, they should be much simpler to deploy than a regular roll-up update. However, be sure to test before deploying the code into production environments.

You’ll notice that KB2880833 appears to be the knowledge base article that describes the MS13-105 fixes for both CU2 and CU3. However, the CU2 page leads to download 41487 whilst the CU3 download is number 41526. Applying the updates changes the version number for CU2 to build 712.031 while CU3 goes to 775.041.

Exchange 2013 uses a different servicing model which means that security updates are released separately to cumulative updates. Security updates for Exchange 2013 contain all previous security fixes, so MS13-105 contains the fixes previously provided in the infamous MS13-061 release (August 2013). You can install MS13-105 on top of MS13-061. More details about these updates are available on the EHLO blog.

Naturally, those running Exchange 2003 or earlier versions can ignore the security bulletins because you live in the land of dead software, or software that has ceased to exist in the eyes of Microsoft.

Of course, Exchange doesn’t exist in a vacuum and the other security bulletins released today affect other products such as Windows 8, Windows Server 2012, and Office, so there are lots of updates to be done.

Follow Tony @12Knocksinna


About Tony Redmond

Lead author for the Office 365 for IT Pros eBook and writer about all aspects of the Office 365 ecosystem.
This entry was posted in Email, Exchange, Exchange 2010, Exchange 2013 and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.