News

Microsoft's Exchange Server Update Rollout Hits a Snag

• By Kurt Mackie
• August 14, 2013

Microsoft updated several versions of its Exchange Server product on Tuesday, but later pulled the parts of the release related to Exchange 2013.

An update for Exchange 2013 Cumulative Updates 1 and 2 (CU1 and CU2) was removed from the Microsoft Download Center because of a problem with "critical" security update MS13-061, explained Ross Smith IV, principal program manager for Exchange customer experience, in a Wednesday blog post.

MS13-061, which addresses a potential remote code execution flaw, was released as part of Microsoft's August security patch on Tuesday. It was listed by Microsoft as having "no known issues." However, Smith singled out an issue when it is installed with Exchange 2013.

"Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed," Smith wrote.

Those organizations using Exchange 2013 that applied MS13-061 can follow the steps in Knowledge Base article KB 2879739 to remedy the situation, according to Smith. The Knowledge Base article indicates changes to make in the registry. Otherwise, if MS13-061 hasn't been applied, then Microsoft is advising deferral and using a workaround described in the MS13-061 security bulletin in the interim.

Other update rollups for Exchange that were released on Tuesday weren't affected by this security patch problem. Microsoft released the following Exchange update rollups at the Microsoft Download Center:

• Update Rollup 11 for Exchange Server 2007 SP3
• Update Rollup 7 for Exchange Server 2010 SP2
• Update Rollup 2 for Exchange Server 2010 SP3

Microsoft has been releasing its Exchange updates on a more frequent basis as part of a planned "increased cadence." The idea is to support organizations that use a hybrid mix of the hosted Exchange Online service along with premises-based Exchange Server by keeping the changes in sync. Microsoft previously has indicated that it plans to deliver updates to Exchange 2013 on a quarterly basis, as part of that faster cadence.

However, many of the monthly delivered update rollups have arrived with problems. Some IT pros have commented in Microsoft's Exchange blog posts that they are wary of applying update rollups as a consequence. While Microsoft claims to test its update rollups before releasing them, Smith admitted that Microsoft didn't test a local server version of Exchange 2013 this time with regard to the MS13-061 security patch.

Smith promised that Microsoft would do local server testing before releasing future Exchange updates. However, he also acknowledged that Microsoft's optimistic release cadence for Exchange might get a second look.

"We will continue to make improvements in our release cadence and testing methodologies over time to ferret out these issues," Smith wrote. "These changes may mean that our once a quarter release cadence for Exchange 2013 may change."