Microsoft released eight security bulletins that were supposed to fix exploits in a number of its software products earlier this week as part of its regular monthly "Patch Tuesday" event. Now it looks like two of those bulletins were sent out a bit too soon.
In a post on the official Microsoft Exchange blog, the company announced that it has pulled the MS13-061 security bulletin temporary from being accessed from Microsoft's website and from its automatic update service. This bulletin was one of three released this month that Microsoft said was a "critical" patch needed to fix an exploit that, if used by hackers, would have allowed for a remote code execution in Microsoft Exchange Server 2007, 2010 and 2013.
As it turns out, the patch has since been discovered to cause a number of issues with Microsoft Exchange Server 2013 when it is installed, which includes causing the Microsoft Exchange Search Host Controller to go missing. If the bulletin has already been installed, Microsoft has offered a workaround to fix its problems until a corrected patch is ready to be released.
Another security bulletin from Microsoft, MS13-066, has also been pulled from circulation. The update, labeled as "Important", was meant to fix a security hole in the company's Active Directory Federation Service for Windows Server 2003, Windows Server 2008, Windows Server 200 R2 and Windows Server 2012.
However, Microsoft has now posted word that the updates included in the bulletin could in fact stop Active Directory Federation Service 2.0 to stop working. The support page says, "Microsoft is researching this problem and will post more information in this article when the information becomes available."