MS13-012 – Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (February 13, 2013): Clarified that Microsoft Exchange Server 2010 Service Pack 3 is not affected by the vulnerabilities described in this bulletin. This is an informational change only.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server. The most severe vulnerability is in Microsoft Exchange Server WebReady Document Viewing, and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

Powered by WPeMatico

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *

30,803 Spam Comments Blocked so far by Spam Free Wordpress