LANDesk Patch News Bulletin: Microsoft has Re-released MS13-061 to Reoffer Exchange Server 2013 Cumulative Updates 28-AUG-2013

Version 1

    LANDesk Security and Patch News

     

    Headlines

    • (August 28, 2013) Microsoft has updated MS13-061 to reoffer 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2.

     

    • This security update resolves three publicly disclosed vulnerabilities in Microsoft Exchange Server. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

     

     

           

    New Vulnerabilities

    • Vulnerability ID – MS13-061v2

     

    Changed Vulnerabilities

    • Vulnerability ID – MS13-061

    (Added the replacement information. This vulnerability definition will remain available until September 11, 2013, after that date it will be removed.)

     

     

    New Patch Downloads

    • cu1_exchange2013-kb2874216-v2-x64-en.msp
    • cu2_exchange2013-kb2874216-v2-x64-en.msp

     

    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

     

    Best regards,

    LANDesk Product Support

     

    Copyright © 2013 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

     

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesk.com.