Severity Rating: Critical
Revision Note: V2.2 (November 20, 2012): Corrected the update package names, registry verification keys, and log file names for the KB2756497 and KB2756496 updates where incorrect in this bulletin. These are informational changes only. The download pages and associated Knowledge Base articles already contained the correct information.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server WebReady Document Viewing. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.
Powered by WPeMatico