Share via


The WebReady Document Viewing service has been disabled by the administrator for your organization

UPDATE (12/20/2012):

This issue is now resolved.

 

Symptoms:

When using Outlook Web Access to view mail stored in a mailbox on Microsoft Office 365, and attempting to preview a Portable Document Format (PDF) attachment, the user will [currently] receive the following message:

“The WebReady Document Viewing service has been disabled by the administrator for your organization. For more information, contact your helpdesk.”

 

Cause:

Currently, the “WebReady Document Viewing” feature is disabled within Microsoft Office 365, as there was a security vulnerability discovered in a component (provided by a 3rd party) licensed to Microsoft.

 

Workaround:

Users are still be able to view PDF attachments by first downloading the attachments, then opening the file(s) locally on their computer.  Users may also use the Outlook client to preview the PDF attachment from within the message itself.

 

Next Steps:

  1. The Microsoft Exchange Team is working to test and deploy the corrective patches so that we can re-enable the WebReady Document Viewing feature as soon as possible.
  2. I will update this blog post when WebReady Document Viewing is re-enabled in Microsoft Office 365.

 

References:

“Vulnerability Note VU#118913: Oracle Outside In contains multiple exploitable vulnerabilities”

https://www.kb.cert.org/vuls/id/118913

 

“Oracle Critical Patch Update Advisory - July 2012”

https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

 

“Microsoft Security Advisory 2737111 and Microsoft Exchange”

https://blogs.technet.com/b/exchange/archive/2012/07/25/microsoft-security-advisory-2737111-and-microsoft-exchange.aspx

 

“Microsoft Security Advisory (2737111): Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution”

https://technet.microsoft.com/en-us/security/advisory/2737111

 

“More information on Security Advisory 2737111”

https://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx

 

“Microsoft Security Bulletin MS12-058 – Critical: Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)”

https://technet.microsoft.com/en-us/security/bulletin/ms12-058

 

"The WebReady Document Viewing service has been disabled?"

https://community.office365.com/en-us/forums/160/p/64022/247173.aspx#247173



Credits:

  • Amir Haque, Sr. Program Manager, Product Quality
  • Microsoft Exchange Sustained Engineering Team

Comments

  • Anonymous
    September 20, 2012
    Isn't the service disabled as a whole and not just for PDF documents?

  • Anonymous
    September 20, 2012
    Okay, perhaps not. :) Any idea why I'm experiencing the same thing with RTF documents even though this extension is in the allowed list.

  • Anonymous
    September 20, 2012
    Hi Michel, Good catch on your part, and my apologies for not calling this out initially. When using the Get-OwaMailboxPolicy cmdlet (via the Microsoft Online Services Module for Windows PowerShell), you'll see it displays both the WebReadyFileTypes and WebReadyMimeTypes as being enabled for rendering PDF and RTF documents.  However, both RTF and PDF are currently disabled within Office 365 (as you observed).  Thanks for the feedback! Regards, Scott Oseychik

  • Anonymous
    November 08, 2012
    I'm still getting this problem. When can we expect a fix?

  • Anonymous
    November 08, 2012
    Has the issue been resolved?  All of my Office365 customers are still complaining; however, this bulletin seems to suggest its been resolved: technet.microsoft.com/.../ms12-058