Outside In is already disabled on Exchange 2013. So that doesn't make any sense to me.
My personal guess - and this is a guess, as they haven't given MVPs any details - is that it is a hole in RPC/HTTP. The Exchange team uses technologies from a number of different companies. Outlook Web App was using a technology from Oracle called Outside In that allowed you to preview Office documents in a web browser without having to have the Office applications installed on your computer. You may remember that OWA 2003 used to require you to d/l attachments and then view them in separate applications. As of Exchange 2007, Microsoft licensed this technology from Oracle. In Exchange 2013, this was replaced by the Office Web Apps Server (which is also used by Lync and SharePoint for the same thing) to do the pre-rendering of these files. With the information I have today - I can't make a good call. Hopefully the actual security update will provide additional information. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Maglinger, Paul Sent: Thursday, August 8, 2013 5:23 PM To: New Exchange List ([email protected]) Subject: [Exchange] Critical patch for Exchange 2007/2010 Y'all seen this? Anyone want to chime in on how critical is "critical"? Storms isn't as concerned about it, yet. And what's this about Exchange using Oracle? http://www.computerworld.com/s/article/9241485/Microsoft_to_clean_up_after_Oracle_s_patch_mess_again_next_week?source=CTWNLE_nlt_pm_2013-08-08 -Paul
