ID: IRCNE2013081929
Date: 2013-08-19
According to "zdnet", last Tuesday was a bad Patch Tuesday for the Microsoft Server team. Two patches were issued, one for Exchange Server, one for AD FS (Active Directory Federation Services) 2.0, and both had to be withdrawn for problems.
Now Microsoft has re-released the ADFS patch, a.k.a. MS13-066. The FAQ in the updated security bulletin explains the problem with the initial release.
The rereleased update addresses an issue in the original offerings that caused AD FSto stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed; the rerelease removes this requirement.
Even if you already applied the previous buggy patch, Microsoft encourages you to apply the new one as soon as practicable.
The problem only affected AD FS 2.0, not 1.x or 2.1. The update will only be offered by WSUS if AD FS 2.0 is installed on the system.
The other withdrawn update (MS13-061, vulnerabilities in an Oracle component in Exchange Server) remains withdrawn. Presumably the fix will involve coordination with Oracle.
- 2