Caution ! Exchange 2013 CU18 Security update (OWA Vulnerability)

Upgrading Exchange 2013 CU18 had few challenges when you have too many 3rd party applications running on the exchange servers, In my previous blog you would have seen the show spoiler being identified as Mcafee host intrusion service. Likewise I would also want to bring this to your notice that you should be slightly cautious when installing
Security Update For Exchange Server 2013 CU18 (KB4045655).

Not sure how many went through this caution note on the technet blog where it stresses the importance of running this security update with elevated permissions (run as administrator). I personally experienced this as I ran it just with a double click on the file, post which we had some issues in connecting to our OWA & ECP. Upon investigation its observed that most of the resources weren’t present in the OWA directory.

Here are the known issues reported when this Security patch is installed (ref: https://support.microsoft.com/en-ca/help/4045655/description-of-the-security-update-for-microsoft-exchange-december-12)

1. We are aware of some reports that Exchange services may remain in a disabled state after you install this security update. If this occurs, the update is installed correctly. However, the service control scripts encounter a problem when they try to return Exchange services to its usual state. To resolve this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.
2. When you try to manually install this security update in “normal mode” (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using UAC (user account control). The issue occurs because the security update does not correctly stop certain Exchange-related services. To avoid this issue, run the security update in elevated mode as an administrator. To do this, right click the update file, and then click Run as administrator.

In case if you already installed this, remove the security update from the server completely and post a reboot install the security update again with the elevated permission.

Cheers,
Ganesh G