MS13-105: Vulnerabilities in Microsoft Exchange Server could allow remote code execution: December 10, 2013

<html><body><p>Resolves vulnerabilities in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message that contains a specially crafted file to a user on an affected Exchange server.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS13-105. To view the complete security bulletin, go to one of the following Microsoft websites: <ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://technet.microsoft.com/security/bulletin/ms13-105” target=“_self”>http://technet.microsoft.com/security/bulletin/MS13-105</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help installing updates:<br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals:<br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country:<br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></div><h2>More Information</h2><div><h3>Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.<br /><ul><li><div><a href=“https://support.microsoft.com/en-us/help/2880833”>2880833 </a> Security issue that is described in Security Bulletin MS13-105 is resolved by an Exchange Server update </div></li><li><div><a href=“https://support.microsoft.com/en-us/help/2905616”>2905616 </a> Description of Update Rollup 4 for Exchange Server 2010 Service Pack 3 </div></li><li><div><a href=“https://support.microsoft.com/en-us/help/2903911”>2903911 </a> Description of Update Rollup 12 for Exchange Server 2007 Service Pack 3 </div></li><li><div><a href=“https://support.microsoft.com/en-us/help/2903903”>2903903 </a> Description of Update Rollup 8 for Exchange Server 2010 Service Pack 2 </div><br /><br />Known issues in security update 2903903:<br /><ul><li>After you install Update Rollup 8 for Microsoft Exchange Server 2010 Service Pack 2 (KB2903903) from Microsoft Update and then try to uninstall the update, you may receive an error message that resembles the following:<br /><br /><br /><br /><div>Error reading from file Drive:\Setup\ServerRoles\TransportRoles&lt;Folder Name>\Hygiene\ASDat.MSI. Verify that the file exists and that you can access it.<br /></div><br /><br />For more information, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2917865”>2917865 </a> “Error reading from file” message when you try to uninstall Update Rollup 8 for Exchange Server 2010 Service Pack 2 (KB2903903)</div></li></ul></li></ul></div><h2></h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Exchange2007-KB2903911-x64-DE.msp</td><td>C42C6BB19498124EC6ADF3A5FF8D120B0741D040</td><td>DFFB5D4055D1B19DC376315022DA50CB736BB34D2E9B6995C2F7A04C63C5B989</td></tr><tr><td>Exchange2007-KB2903911-x64-EN.msp</td><td>41C90E2E6CC0ED2DE860EB88D7B3D98D0594F7B2</td><td>60FE122021A9AD6C54FAB81D145A03DBA6BF2160AF8998F521F157CF5FDAA181</td></tr><tr><td>Exchange2007-KB2903911-x64-ES.msp</td><td>40A16153ED318235EA3FCF5714095C1775E4518E</td><td>8458C7F0391E9CCF19BD24DB5EB9F36793845DE9449449CB02E42062DCAE737E</td></tr><tr><td>Exchange2007-KB2903911-x64-FR.msp</td><td>55A74F08DB1342B20D6B569EA78E91409259A57D</td><td>FB9B3C418CFEF7298C6814DE341B60F91F3E171E539CF6CF97E866CF84A45EAF</td></tr><tr><td>Exchange2007-KB2903911-x64-IT.msp</td><td>53BF4D0E0501FD112E2BCDF9E301E7372763DB9E</td><td>05931BA600B17F67F39332A332D52F007EB66D984D20C553D08D167B90A05EE9</td></tr><tr><td>Exchange2007-KB2903911-x64-JA.msp</td><td>DE7E7FFF32237037C810760AC93E6006CEE1B769</td><td>E018E9D95E6C6B23B9DB69F28E515CC5465B26A361CBDEC38C6864A6779BC43E</td></tr><tr><td>Exchange2007-KB2903911-x64-KO.msp</td><td>EBEFB1EB47B79C21AD9F57EA4DD43A00D7EE846D</td><td>813FEF25496B01F38CEC6E12467D125478A00B02BCC745948F03C7C5F7B81469</td></tr><tr><td>Exchange2007-KB2903911-x64-PT.msp</td><td>85A47C68AD9E5C3AC05E16E858DA3B20715A50F9</td><td>FA3F22D89CD0E5022FE8BF77DF79080F783D51FD948C0CE28550D2E80DC6D297</td></tr><tr><td>Exchange2007-KB2903911-x64-RU.msp</td><td>E49F4CC8AA6D55F15935A1963B41E33B36FDC116</td><td>ECDF256FFCEFA2FDE49DE3FB2188A400D0D22E78D3D3D28C110C87B4FB57BA2F</td></tr><tr><td>Exchange2007-KB2903911-x64-ZH-CHS.msp</td><td>966607218F60471449931875BD60BE597AE33C7B</td><td>5943711E5834ED397E7D6BC2BCC2C5447D258024FA47406B3EFE88FA541F7331</td></tr><tr><td>Exchange2007-KB2903911-x64-ZH-CHT.msp</td><td>36F4A38E57B492D91B4FE39432B6EE92206DBA55</td><td>ACFA116FB7ED48D1CCEBE862A0E076C0F048522CD24CF84ED68684D578651418</td></tr><tr><td>Exchange2007-KB2903911-x86-DE.msp</td><td>264FCC688A975BE4D16E765B187E8A15A3E62FE8</td><td>64EC9B0153E7CF2EFF3769F187D279AA3B02F1A090C4D0464B328ED26E1C4E02</td></tr><tr><td>Exchange2007-KB2903911-x86-EN.msp</td><td>137F1DEC7F958EA1F424863780771E10B7589D73</td><td>A3BCAAC5E02AB17052F32DF8919857ED5B487167D0660CC74515D638CC64C45A</td></tr><tr><td>Exchange2007-KB2903911-x86-ES.msp</td><td>CAF503B30BB7ED9F30CA3741224B9BA5E2EF627E</td><td>E2FFAAAF7BFE6A3697351CBE61572C87A202979A42F7B2883B89C4EDFB514081</td></tr><tr><td>Exchange2007-KB2903911-x86-FR.msp</td><td>2AFF22F328763A8411D4DCA796DABFEB6EA1DCBB</td><td>C7B09773A5360C0B61655585980CEACDD9E791AF82C53E9C6C793C1B53B55D9C</td></tr><tr><td>Exchange2007-KB2903911-x86-IT.msp</td><td>9A103E242A7F7A1399E74838F7F886FB3D4BC0CA</td><td>5992D23DD7CDFBFD11C3591B9286864656CCBE2D1FD235A1F867B32038A715AE</td></tr><tr><td>Exchange2007-KB2903911-x86-JA.msp</td><td>67FDB1E0D34505E3F3D1E36CBC3AC67B5B035470</td><td>04BBFC1F5228DA011770E13C038FA62AE696F3D0D4F0C62EFFC31E91D226F6AC</td></tr><tr><td>Exchange2007-KB2903911-x86-KO.msp</td><td>E29514F85093B63E1DBC4AA3577F97ED6F7DD0E3</td><td>FC3E494BFA09FD247FBD92F89023BDFCB48F6F7CA139371359D2178D21EAE2ED</td></tr><tr><td>Exchange2007-KB2903911-x86-PT.msp</td><td>340222416A26AF79FB24DD469732688DB340ED62</td><td>12997444FA6909FB93CFD6749CFECF8FD9EDB175851F19C356647056BDF99216</td></tr><tr><td>Exchange2007-KB2903911-x86-RU.msp</td><td>3CB018413FF23DE0A7F179FB2FEFE6A851076093</td><td>FD08B811CE3D12C6BB16CF5CDDB1D40AE0A9123DBDDF660DB0B5FBA0331E1723</td></tr><tr><td>Exchange2007-KB2903911-x86-ZH-CHS.msp</td><td>72DA0F86674D720AEC814F9D69A6560EECB8EF37</td><td>1E0E486C0E14F19082C9843850D54FAB4CDCED78485D06B6FC3D29413B2C98C2</td></tr><tr><td>Exchange2007-KB2903911-x86-ZH-CHT.msp</td><td>0ABE5C1B1F4E8920D04F54EF62D2533387EB97C3</td><td>9DEF1DEDA61460F74709568ADEFB0A610A43987E312A49498C3BAD6786F3C0D1</td></tr><tr><td>Exchange2010-KB2903903-x64-ar.msp</td><td>FECB9048BE350CBE7A24B3058BE72DA7F44CA3A9</td><td>91E2F8955D5C680655BB0FD42C9D03D2F4C9377F56C73BF6744F1A78D94B0498</td></tr><tr><td>Exchange2010-KB2903903-x64-de.msp</td><td>F59652E169479F9F90DC5B8C369A2BFD1A0A7DCB</td><td>E203DFE6617E76B601670E5C0E8B1C16DFB532651EE308BA605BB70780518C20</td></tr><tr><td>Exchange2010-KB2903903-x64-en.msp</td><td>C38200B67D2A3EB94933B44044EDB93D87641A32</td><td>ACEE2B3895B158189255B77988E5C72AEA54E650C47EC275479E9D686463B774</td></tr><tr><td>Exchange2010-KB2903903-x64-es.msp</td><td>34263763A53E8ECE0415E8058E5BAE9641F36196</td><td>8F9AA4F34CC68F62DC45E1672C7D79B90AF0A172B883758D3E88F951528ADFE7</td></tr><tr><td>Exchange2010-KB2903903-x64-fr.msp</td><td>BACF7ABA981CBCC3F66CB25E80E56AD3AE06F300</td><td>0166CE4532722138A5EF2280E4BDB17AA78955111C5F92566F9A6DC5B062605D</td></tr><tr><td>Exchange2010-KB2903903-x64-he.msp</td><td>A08321FC604A9694E9DF76280D0EBA9F67391E30</td><td>D1E5B84522D04711A8B5F2434478D96BD7DDD575D27000FBD4C22DEDAF04B242</td></tr><tr><td>Exchange2010-KB2903903-x64-it.msp</td><td>65BF4E2C388DB1620D220086E0128677FDB46676</td><td>16A07EFC0361AA882AD2DB2756B1FD0AE5775F6F3E874AEE6D86BA3A13DE82E5</td></tr><tr><td>Exchange2010-KB2903903-x64-ja.msp</td><td>F3C0E5DE3AEB89AC745BD585EF6D27120D4E02F3</td><td>B1A6C7928D3F51A169ABD0F9612CB3BD84C700F0ADB5617CA224FD367EE070F0</td></tr><tr><td>Exchange2010-KB2903903-x64-ko.msp</td><td>D6862721E992FFEE7F2484116A850FBE12D56A29</td><td>D15F3A1495393E4B347BC91A79CBEBCBA2C4AE1EF4098CF5BC470E3CFD1E7DC4</td></tr><tr><td>Exchange2010-KB2903903-x64-pt.msp</td><td>5E3A159D0F6F67C085C69F917CA6E89DA1C8C450</td><td>A8D855A3BC714087EEFA1EA510FC7ACC93C4C13D818B778C6880794273E9F092</td></tr><tr><td>Exchange2010-KB2903903-x64-ru.msp</td><td>82907F24ED85FCA800B652D5F51BB8D0CB4DC0C7</td><td>9B22A2BD18FBC728D98BF39B48A58B6F3AAB6F5C7AD3542B86B99FEC2E91B54F</td></tr><tr><td>Exchange2010-KB2903903-x64-zh-hans.msp</td><td>874D706A5DC48C404ABDC2DC03F2CE811BAA4794</td><td>18A90242C59246E3B6ABC54F47E692D18E8A31D14E0D72E458C842AD99FD8626</td></tr><tr><td>Exchange2010-KB2903903-x64-zh-hant.msp</td><td>7B62C5AE3B5953C3B64DE694E35327820E71C6D8</td><td>409E897B72E7FB26EC6A4F1EDF781A8D9B744E89CA194185A1C5795160A98C56</td></tr><tr><td>Exchange2010-KB2905616-x64-ar.msp</td><td>68B5FEA48D5453E951F8B98A04E0707B6C83E179</td><td>63CB0592CCE7DBF871C275C4A38AE29493DA2E66AC4AEBCA4822A99A7BE1A9A0</td></tr><tr><td>Exchange2010-KB2905616-x64-de.msp</td><td>7AA2595DB36C47224D4F6F5593B56D931B9CE797</td><td>368A66591444C574E1ED13C4813025A962590D8B9F68864F2EB25A501A7A7375</td></tr><tr><td>Exchange2010-KB2905616-x64-en.msp</td><td>F08CF10C238A499D24CDC68DCA69EB50933799B5</td><td>5489B6A6087743E380A38FFF832B5853D06185A5513D224FE658D535BBA5AF2B</td></tr><tr><td>Exchange2010-KB2905616-x64-es.msp</td><td>6FC48F39E4A3A8248BC45A53D547B0927084AF62</td><td>5E9ADA91EAF58DDA3D9E92F82D42A5B63B2480E3E26B43331868993BEF91506D</td></tr><tr><td>Exchange2010-KB2905616-x64-fr.msp</td><td>CFB2C2C56FDC7D85C8B7D15BECEC7A56CBE5D436</td><td>69B8C6429B096C62546BBFB7FF1CAA9021B47FEB375DCBFBFA13E71A9096CFE3</td></tr><tr><td>Exchange2010-KB2905616-x64-he.msp</td><td>6AEC41B2AD0A720ED5C0F83DB1242436FA52838D</td><td>60D36E3E1042F7D9849889D19AC511D3C549645D0F1BA44CFB1BF52610F1AA5B</td></tr><tr><td>Exchange2010-KB2905616-x64-it.msp</td><td>8A457336F3CEB5092F915BAE8EF3F1D79061B662</td><td>9CFC19E06C8A5AC53CB37848760739367C57389870C658E4E53881D7E2B8862C</td></tr><tr><td>Exchange2010-KB2905616-x64-ja.msp</td><td>08AC1BEAD991C79B319FA9EBA3FFD5A32DD26B1B</td><td>76FEEEF362CB92D9D395E508558561738FC37ADD0E04F8DC9BDE95A44B5DC0C9</td></tr><tr><td>Exchange2010-KB2905616-x64-ko.msp</td><td>4B45740C26BDB2B0146985E104246809C4C14260</td><td>CB9ACB4CA3B6B80C2D8B54093090B98244049B2AA5A50A24C7A9418FEC9B980F</td></tr><tr><td>Exchange2010-KB2905616-x64-pt.msp</td><td>9FB4BF3202BD54D3427735A2846A4D2771BA6075</td><td>B5191819BB8CF48F6040F0751BF2771E5F8576F3F2409CE94B1568100FC3F6F2</td></tr><tr><td>Exchange2010-KB2905616-x64-ru.msp</td><td>5510A5E9B793BD0D41783144D583B911D6075830</td><td>306C48458645D9CC2E842FAB2FF29FB71A64AA721793C647D7CA4B326516A60A</td></tr><tr><td>Exchange2010-KB2905616-x64-zh-hans.msp</td><td>83D400773BC31D1D64567879791EA6253953F430</td><td>717ADE26CA44BF4792B48F1097096073CF55D66DBA797339FD8552F7472E8157</td></tr><tr><td>Exchange2010-KB2905616-x64-zh-hant.msp</td><td>9141C21C6797E5B6F79C95481372D26A4CC0CDD6</td><td>D54CF100E9CA5567398211A3026BAAAB862567374549830E77989EAE9242FA9E</td></tr></table></div> Exchange 2013 cumulative update 2 <br /><div><table><tr><td>Exchange2013-KB2880833-x64-de.msp</td><td>494C9183E7FE8AA68C5084AD17A107AC06FAE3B8</td><td>D9750D44B4C00DE9F9BB05B608C3F0EF8F30AA36A729BDDA5FB72791D06A3893</td></tr><tr><td>Exchange2013-KB2880833-x64-en.msp</td><td>10B7E5473CEB46E03DCA9EBF94233A7D1EE3D81C</td><td>7E729DA2B0D807EAF86DA420AC15F1ACEE72579C940EFB2B86BE41B9446A42F3</td></tr><tr><td>Exchange2013-KB2880833-x64-es.msp</td><td>0C0E2D1685FA866A98C8D39F174830708CB8F1B4</td><td>9ABF7D5F8A479597E6F52EF0D8C5A001D8AEA25FCB5DC4CE422E3C8FD562E42B</td></tr><tr><td>Exchange2013-KB2880833-x64-fr.msp</td><td>CC6CABC9C86551C03D609741860C186BF082BE58</td><td>8F98F062052A1AAC28C4F04FC1717C43169CC9BD08944F89338D8753BD6E8249</td></tr><tr><td>Exchange2013-KB2880833-x64-it.msp</td><td>98897BD9E9CF54AF9D2DB2CAE1F8FEA810521BF0</td><td>78B9182747F38EA3B2A05B0452938ED793D06ECB92F3C145F830AFF6B6C64E65</td></tr><tr><td>Exchange2013-KB2880833-x64-ja.msp</td><td>BCDF6BD0C24A1115E60EA4DABCBC0ECB23A5CC80</td><td>5F2440402DC5167FE30EF5C07C44A9E0FBA02344A842E9DAD1E5BCBA761D52A7</td></tr><tr><td>Exchange2013-KB2880833-x64-ko.msp</td><td>7955EF78B57E198FFDECDB9856FF742800F41EDD</td><td>E2F204A5298B715D49E13CA99BBA034BBA059F1B48AB8BA55EC14FE17CA17D3F</td></tr><tr><td>Exchange2013-KB2880833-x64-pt.msp</td><td>831E0625C90CC0AF73311ED54A817703F5933AB4</td><td>D1B69BF2DEB5E0642228C6A5EE44A14C6750ED68591A1A7CB445B7DD7FDDE179</td></tr><tr><td>Exchange2013-KB2880833-x64-ru.msp</td><td>057B092F18DDA79F486311B9588FEA7823439B4A</td><td>360131BB82B1149F8472A236635B2ABA02F0B72CEF9D51D65CD90A7D8C3DC3BD</td></tr><tr><td>Exchange2013-KB2880833-x64-zh-hans.msp</td><td>99AC760EC5C32DC705B04D6478C4694DFAD7D652</td><td>8D119569785EDC93E5070903440FCCACB1894E4803EACCD0A5EF65D357846553</td></tr><tr><td>Exchange2013-KB2880833-x64-zh-hant.msp</td><td>FA7C94A255C5204D181F56C032D8A9D455308134</td><td>18EDDD34461B00D7D57E8F88B3651AEEE8D6BC371C52E285B8A35AB81F923C7E</td></tr></table></div> Exchange 2013 cumulative update 3 <br /><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Exchange2013-KB2880833-x64-de.msp</td><td>F019AE4FC2986629267C65FF3A9A9B767487B13B</td><td>1F4E1D74119EFE0B5A375A5C6E655DC38A2B6E0B5CAEC08F3B04F8C1416B0F81</td></tr><tr><td>Exchange2013-KB2880833-x64-en.msp</td><td>50673BFD872001025B326D1E1AA45B1F6E0FB92B</td><td>04E7534F068699D83811A4E5558AC9DBB282317E7492DA37A2682F83E484D989</td></tr><tr><td>Exchange2013-KB2880833-x64-es.msp</td><td>03553483E16E59D5FB0CE325585A85E8D6B999E4</td><td>AA1AE78AF0437087DEF90D22BA9C0EAE6BEB450F4E59A636D64C7F9C23A53F43</td></tr><tr><td>Exchange2013-KB2880833-x64-fr.msp</td><td>3223706EFB1C9BC373A07FA9CFDB085A8D5FD675</td><td>0B40FFE8D881CB4380F2B37CDFD1123B02CCDAFBFDEAA60B894F616F25E2FDDF</td></tr><tr><td>Exchange2013-KB2880833-x64-it.msp</td><td>B354B2DD2FE14A7DAF582B983088048D1C0AC3A5</td><td>74A7A75AE28E23BBFFC0C6FB7903A4E9BFD05FFD23162C1907EA9B557EBDA1BC</td></tr><tr><td>Exchange2013-KB2880833-x64-ja.msp</td><td>01EE293A4F1534C8B0F5EB2D35284882EB4BF6B3</td><td>59BD26E219A3E55F1D859754F8D03FDF5B76D0CF3658211C9AB5FD9CB727AEC2</td></tr><tr><td>Exchange2013-KB2880833-x64-ko.msp</td><td>C5592A5C218C0558B8E61543B0730AF4EEA0747F</td><td>A800347F98970E1282FC710B352D04E4FD874470FA77E9122912AD33932FD16A</td></tr><tr><td>Exchange2013-KB2880833-x64-pt.msp</td><td>84044FB3EEA44FB39AAAD947284477A7CD335791</td><td>702A3D9AA404F92EF1E667178DDC2318C8C0E0775C429E3DF80B1B0E40428C4D</td></tr><tr><td>Exchange2013-KB2880833-x64-ru.msp</td><td>648A14087D0B96C1DF78D112BB0ED6694781D00F</td><td>C3CFF91B68D376A53EDD57B81E7299F020AB63B5FBB6E531FD7EAA245C6ACF29</td></tr><tr><td>Exchange2013-KB2880833-x64-zh-hans.msp</td><td>D1F334369CDDBCD82B18283962C74BDEAA7D35B6</td><td>A9C92319612C92292E25F52F4C8EF0709D99F95613E6AF7B06CF0CB33AB4A447</td></tr><tr><td>Exchange2013-KB2880833-x64-zh-hant.msp</td><td>E1E11FD9D0A4D6617B59D78175D9170CCB162BE6</td><td>5420F1355C70E71A3556225264173691F39142916C60F6031FBD7EF4121DA19C</td></tr></table></div></div><br /></span></div></div></div></div></body></html>