Microsoft is currently working on a fix for this vulnerability; in the meantime they have suggested a workaround to disable Web Ready Viewing. To perform this action, follow the steps below:

1. Open up the Exchange Management Shell as an Exchange Organization Administrator

2. Type the following command: Get-OwaVirtualDirectory | where {$_.OwaVersion -eq 'Exchange2007' -or $_.OwaVersion -eq 'Exchange2010'} | Set-OwaVirtualDirectory -WebReadyDocumentViewingOnPublicComputersEnabled:$False -WebReadyDocumentViewingOnPrivateComputersEnabled:$False

Alternatively, if you are concerned about attachment security you could look at a third party product from Messageware AttachView.

For additional information view the external links below: Microsoft Security Advisory (2737111) Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution

Use Ctrl+Shift+R to "Reply all" to the selected message.


Will tablet and Smart phone use be a big part of your OWA 2013 deployment?