Microsoft News Tracker

What's more interesting than observing Microsoft?

January 12, 2006

More on the Exchange Server and Outlook bug

Posted by David Hunter at 9:46 AM ET.

As mentioned yesterday, Microsoft changed their lifecycle support policy to get in one last security fix for Exchange 5.0 and Exchange 5.5. It’s just as well, because “Microsoft’s Newest Bug Could Be Awful, Researcher Says”:

“What I find bizarre is that there’s still all this focus on the WMF [Windows Metafile] bug,” said Mark Litchfield, the director of NGS Software, a U.K.-based security company, and one of the two researchers credited by Microsoft with the discovery of the TNEF (Transport Neutral Encapsulation Format) vulnerability.

“You could take over an Exchange server with a single, simple e-mail,” he said. “From there you could target all the clients accessing that server. You would ‘own’ any Outlook client that connects to that server. Then an attacker could grab the Outlook users’ address books.

“If you did it right, you could own every Outlook user in the world within a week,” he said.

Actually, while earlier versions have the flaw, Exchange Server 2003 is immune, but you get the idea. All recent Outlook versions need to be patched as well. While there are no exploits in the wild yet, they are expected shortly as the Microsoft patch is reverse engineered.

Filed under Exchange, Office, Outlook, Security, Servers
