Microsoft pulls ASLR DEP bypass patch

By

Fix caused Exchange 2013 glitch.

Microsoft has pulled a patch released this week after it caused problems with Microsoft Exchange.

Microsoft pulls ASLR DEP bypass patch

MS13-061 addressed three vulnerabilities in Exchange Server and was found to have triggered issues in version 2013, but not 2007 or 2010 environments.

"Specifically...the content index for mailbox databases shows as 'failed' and the Microsoft Exchange Search Host Controller service is renamed," Ross Smith IV, principal program manager of the Exchange Server product group said.

The three bugs lie in the way Exchange files are processed by Oracle Outside In, a set of libraries that software developers use to decode hundreds of file formats.

For administrators that already have deployed the patch, Microsoft recommends they apply KB 2879739, a workaround described here.

For those who have not yet installed the fix, the software giant suggests they don't and instead follow the steps listed in the "Workaround" section (under the "Vulnerability Information – Oracle Outside in Contains Multiple Exploitable Vulnerabilities") portion of the original security bulletin.

The patch also squashed a bypass in Address Space Layout Randomisation and Data Execution Prevention by removing all image pointers.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
aslrdepexchangeexploitsmicrosoftpatchingsecurityvulnerabilities

Sponsored Whitepapers

Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?