Today the Exchange team released security bulletin MS13-105. Updates are being made available for the following versions of Exchange Server:
Exchange Server 2007 SP3
Exchange Server 2010 SP2
Exchange Server 2010 SP3
Exchange Server 2013 CU2
Exchange Server 2013 CU3
Customers who are not running one of these versions will need to upgrade to an appropriate version in order to receive the update.
Security bulletin MS13-105 contains details about the issues resolved, including download links.
For Exchange Server 2007/2010 customers, the update is being delivered via an Update Rollup per standard practice. Due to the timing of the release of our most recent Update Rollups, the only difference between the previously released Update Rollup and the Security Update Rollup released today is the inclusion of the security updates identified in MS13-105. We did not include updates for any other customer reported issues in these packages to ease their adoption.
For Exchange Server 2013 customers, security updates are always delivered as discrete updates and contain no other updates. Security updates for Exchange 2013 are cumulative in nature based upon a given Cumulative Update. This means customers who are running CU2 who have not deployed MS13-061 can move straight to the MS13-105 update because it will contain both security updates. Customers who are already running MS13-061 on CU2 may install MS13-105 on top of MS13-061 without removing the previous security update. If MS13-061 was previously deployed, Add/Remove Programs will indicate that both updates are installed. If MS13-061 was not previously deployed, only MS13-105 will appear in Add/Remove Programs.
These updates are being made available via Microsoft Update and on the Microsoft Download Center.