Security updates for Exchange December 2013


CU3Security

Updated: 10 December.

As anticipated, Microsoft released a set of security bulletins on Tuesday, December 10. Among the set, MS13-105 addresses a number of vulnerabilities in Exchange 2007, 2010, and 2013. The following updates have been released:

These vulnerabilities are addressed in the updates:

The roll-up updates for Exchange 2007 and 2010 contain nothing more than these fixes. As such, they should be much simpler to deploy than a regular roll-up update. However, be sure to test before deploying the code into production environments.

You’ll notice that KB2880833 appears to be the knowledge base article that describes the MS13-105 fixes for both CU2 and CU3. However, the CU2 page leads to download 41487 whilst the CU3 download is number 41526. Applying the updates changes the version number for CU2 to build 712.031 while CU3 goes to 775.041.

Exchange 2013 uses a different servicing model which means that security updates are released separately to cumulative updates. Security updates for Exchange 2013 contain all previous security fixes, so MS13-105 contains the fixes previously provided in the infamous MS13-061 release (August 2013). You can install MS13-105 on top of MS13-061. More details about these updates are available on the EHLO blog.

Naturally, those running Exchange 2003 or earlier versions can ignore the security bulletins because you live in the land of dead software, or software that has ceased to exist in the eyes of Microsoft.

Of course, Exchange doesn’t exist in a vacuum and the other security bulletins released today affect other products such as Windows 8, Windows Server 2012, and Office, so there are lots of updates to be done.

Follow Tony @12Knocksinna

Advertisements

About Tony Redmond ("Thoughts of an Idle Mind")

Exchange MVP, author, and rugby referee
This entry was posted in Email, Exchange, Exchange 2010, Exchange 2013 and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s