Microsoft has pulled one of its critical updates from this week’s Patch Tuesday list of fixes, as it was corrupting mailbox databases for Exchange Server 2013 users.
The update was supposed to fix three publicly disclosed vulnerabilities in the WebReady Document Viewing and Data Loss Prevention features of Exchange Server. Microsoft has pulled it thanks to the errors it was causing, and has offered a workaround.
“Seeing as this is a critical update and that could result in remote code execution and that the patch has already been made available, even if for a short time, you have to assume that the bad guys are actively working on exploit code for this issue,” said Ziv Mador, director of security research at Trustwave.
Microsoft has included its workaround in an updated advisory, which you can find here.
On Tuesday, Microsoft released eight security updates, three of them rated critical, the rest important. That covered 23 vulnerabilities, covering Windows, Internet Explorer and Exchange.
Users have been advised to update all products, but focus in particular on the 11 Internet Explorer flaws, as experts fear they could easily be exploited.
The other key update to focus on is MS13-060, a flaw in the Unicode Scripts Processor in Windows XP and Windows Server 2003, which “could allow remote code execution if a user viewed a specially crafted document or webpage with an application that supports embedded OpenType fonts”.
Are you a security expert? Try our quiz!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…