Caution With MS13-061 !!

Patch3Microsoft has pulled its MS13-061 Exchange patch.  After reports of content damage to Exchange Server 2013 after deployment, Microsoft has withdrawn the MS13-061 update for Exchange Server released this past Tuesday.  MS013-61 is very important because it allows someone to send an email and get arbitrary code to run on the Exchange server itself.  It’s already publicly disclosed so expect the bad guys to move on this quickly.

Problems do not affect Exchange Server 2007 or 2010 and Microsoft says that those versions can proceed with testing and deployment.  In the meantime, they have removed the patch from Windows Update and other distribution systems.

Knowledge Base article KB2874216 explains the problem in more detail and provides remediation guidance.

Problems:

  • The content index (CI) for mailbox databases shows “Failed” on the affected server.
  • The Microsoft Exchange Search Host Controller service is missing.
  • You see a new service that is named “Host Controller service for Exchange.”

The KB article describes 2 registry key changes to make. After rebooting the server, the problem should be bypassed.

That is 2 months in a row that MS has pulled a buggy patch back from distribution.

OpenX Ad Server Source Compromised

Weak LinkOpenX is a tool used by hosting providers and webpage developers to provide ads on webpages.  Rotating banner ads have been an attack vector that has been quite popular and effective in the recent past.  This is probably one reason why.

An announcement this week from the OpenX ad server team noted that a backdoor had recently been discovered in their official source code distributions, that has been present since November 2012.  This vulnerability only applies to the free downloadable open source product, OpenX Source.

Exploitation is occurring in the wild, with attacks consisting of simple POST requests to a specific file that allows for remote code execution on the affected server. Users are urged to follow instructions being provided by the community for checking their servers, and rebuilding any that are impacted immediately.

References: