Update 14-8-2013: The security update for Exchange 2013 has been temporarily removed due to an issue with the search infrastructure. If you have installed it please refer to article “Update 2874216 breaks the content index in Exchange Server 2013” Update 14-8-2013: Please see an update on the Exchange team blog .
Update 27-8-2013: Updated release of the security update for Exchange 2013 CU1 and CU2 is now available.
The first security update for Exchange 2013 was release to the download centre earlier today to address the security issues that are described in Microsoft Security Bulletin MS013-061. Exchange 2007 SP3, Exchange 2010 SP2 and Exchange 2010 SP3 also received updates today to resolve the security issues described in the bulletin. While all supported Exchange 2007 and 2010 builds were updated to resolve CVE-2013-2393 and CVE-2013-3776, there is an additional security vulnerability in Exchange 2013. This is covered in CVE-2013-3781 and discussed in the Oracle Critical Patch Update Advisory – July 2013. Microsoft has classified all three of these issues as critical for Exchange 2013.
This is the first Exchange 2013 update that resolves only security issues. As previously mentioned with the new servicing model security updates will be release separately from the other Cumulative Updates servicing updates.
In order to install this security update, you must have installed the updated build of Exchange 2013 RTM CU2 which is described here. This is the 712.24 build of Exchange.
Please test before installing this update into production! This is not a surprise, as every update to the messaging infrastructure should be carefully tested and reviewed prior to installing in production.