Microsoft withdraws security patch for Active Directory
Posted by: Timothy Weaver on 08/20/2013 11:30 AM
[
Comments
]
Microsofts first attempt to patch a flaw in their Active Directory Federation Services technology was a bust. The original update, MS13-066, caused stability problems. Microsoft plans to publish a second patch for the system.
"As the vulnerability it was attempting to fix had only been privately reported, and was not believed to be being exploited in the wild, itβs possible that the fix had actually turned into a bigger problem than the one it was attempting to solve β on Windows Server 2008 systems at least," notes security watcher Graham Cluley.
The update addresses three vulnerabilities in Microsoft Exchange that stem from bugs in the third-party library Outside In; this is licensed from Oracle and allows Web Access users to view PDF files and such stuff. Exchange Server 2013 users are advised to turn off the functionality as a workaround pending the availability of a working security update.
"As the vulnerability it was attempting to fix had only been privately reported, and was not believed to be being exploited in the wild, itβs possible that the fix had actually turned into a bigger problem than the one it was attempting to solve β on Windows Server 2008 systems at least," notes security watcher Graham Cluley.
The update addresses three vulnerabilities in Microsoft Exchange that stem from bugs in the third-party library Outside In; this is licensed from Oracle and allows Web Access users to view PDF files and such stuff. Exchange Server 2013 users are advised to turn off the functionality as a workaround pending the availability of a working security update.
Comments
