Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle and uses them in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint. We are not aware of active exploits using this issue, but we do recommend customers use the workarounds described in the Advisory to help protect servers deployed on their premises.
Our teams are working to develop a security update of appropriate quality to address this issue. Meanwhile, our Security Research & Defense team has posted a blog that provides more information on the matter as well as details about the workarounds. We will continue to update customers with new information as it becomes available.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Microsoft Trustworthy Computing