1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

MS13-061 - Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code...

Discussion in 'Security Updates' started by Microsoft Security, Aug 13, 2013.

  1. Microsoft Security

    Microsoft Security Guest

    Severity Rating: Critical
    Revision Note: V1.0 (August 13, 2013): Bulletin published.
    Summary: This security update resolves three publicly disclosed vulnerabilities in Microsoft Exchange Server. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

    View the full article
     
    Microsoft Security, Aug 13, 2013
    #1

Share This Page