Microsoft pulls buggy Exchange Server patch

Microsoft pulls buggy Exchange Server patch

Summary: MS13-061, released on Tuesday to address 3 vulnerabilities in an Oracle component in Exchange Server, causes data to be inaccessible in Exchange Server 2013. Microsoft has pulled the update and released guidance for how to work around the problems it causes.


After reports of content damage to Exchange Server 2013 after deployment, Microsoft has withdrawn the MS13-061 update for Exchange Server released this past Tuesday.

The company received reports of problems with Exchange Server 2013 installations from customers. The problem does not affect Exchange Server 2007 or 2010 and Microsoft says that customers of those versions can proceed with testing and deployment.

But, in the meantime, they have removed the patch from Windows Update and other distribution systems.

Knowledge Base article KB2874216 explains the problem in more detail and gives guidance for customers who have encountered it.  It identifies these problems that customers may encounter:

  • The content index (CI) for mailbox databases shows "Failed" on the affected server.
  • The Microsoft Exchange Search Host Controller service is missing.
  • You see a new service that is named "Host Controller service for Exchange."

The KB article describes 2 registry key settings to make. After rebooting the server, the problem should be bypassed.

Topics: Security, Windows Server

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Microsoft pulls buggy Exchange Server patch

    The problems never seem to end for Microsoft.
    Over and Out
  • patch

    I think they need another patch for this patch. Sometimes it happen
  • Poor testing.

    Should have actually tested it before sending it out...
  • M$ asleep on the job

  • This is not happening

    Everyone is imagining this stuff. There are so many Microsoft haters out there, those people intentionally damage their Exchange installations to claim it was from the Microsoft's "fix".

    The greatest software vendor of all times can't be wrong. When they say, this is the patch though shalt install on Tuesday, you do it while praying your Tuesday prayer for the good of Saint Ballmer and company. When the patch botches your data and shuts down your business, you thank God Bill Gates for his wisdom designing the best and most secure software development in the universe and line up to buy the next version, where Everything Is Fixed, Promised This Time.

    You just can't make that stuff up.

    • funny

      The last line

      You forgot the line 'too funny' ;-)
  • It's not only Microsoft that makes blunders

    I remember not so long ago (less than 3 years) when a well-known anti-virus company released an update that hadn't been tested on Windows XP. It completely screwed any Win XP computer it was installed on. We were lucky; we only had 9 PCs affected. We changed our anti-virus supplier shortly after. I'm not naming names here because we're all human and we all make mistakes, but some are more far-reaching than others!
  • Oracle component in Exchange server

    THis line "MS13-061, released on Tuesday to address 3 vulnerabilities in an Oracle component in Exchange Server"
    ???? Oracle component in Exchange server ????

    So was the bug in MS code or Oracle code?
    • Re: So was the bug in MS code or Oracle code?

      A more interesting question is this: Is Microsoft's software really written by Microsoft?

      Are not Microsoft just system integrators now?
  • This is why

    You should disable "automatic updates". Microsoft does not test their patches against the majority of possible configurations. That is left to the customers, there is a reason it takes more IT people to safely Administer a Microsoft network.
    Troll Hunter J
    • They test their patches

      But you're kidding yourself if you think they can test every configuration out there. There is a reason why ITIL is supposed to involve a test environment where you can test patches in an environment.

      Plus, it would have only impacted server-side search and it sounds like a fairly easy fix. Not the end of the world. It's not like it was cratering Exchange 2013 installs. Also, very few organizations would be past testing phases on Exchange 2013 and have rolled it into production already. The only exception to this, in fact the only place I've seen Exchange 2013 in use outside of a lab/PoC environment, is Office 365/Exchange Online.

      These things happen. I've seen Cisco WLC upgrades that cause all kinds of issues, I've seen a Cisco update for their UCS servers cause Broadcom iSCSI hardware NICs to randomly disappear from the host and require a full reboot to get them to show up. I have seen far, far worse issues than this patch has caused, that's for sure. From every vendor under the sun. And yes, that includes Microsoft.

      This is good to know about but these posts acting like it's an indication of poor process on Microsoft's end are blown way, way out of proportion.