A few days ago, Microsoft announced the release a bunch of security updates for all current versions of Exchange Server. The updates related to a Security Bulletin (MS13-105) which was released earlier and revealed a vulnerability caused by Oracle’s Outside In. This makes me think back of earlier issues where parts of code from Oracle were already causing major security concerns.
The update vehicle for Exchange 2007/2010 will be an Update Rollup which, given the release of RU3 only a few days ago, comes faster than anticipated. As the official announcement from the Exchange team already points out, this RU will contain little (nothing) more than the security update for MS13-105. Exchange 2013 customers will have the ability to install just the security update, which is available as a ‘discrete update’ from Microsoft’s website.
Check out the following link for more information: http://blogs.technet.com/b/exchange/archive/2013/12/10/released-microsoft-security-bulletin-ms13-105-for-exchange.aspx