MS plugs 'moderate' Exchange vuln
DEFCON 0.02 or thereabouts
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Microsoft's patch train rolled into town last night with one solitary occupant. After the release of XP SP2 last Friday it's just as well that the only extra thing sysadmins have to contend with is a not-especially devastating vulnerability involving Exchange.
Microsoft has issued a patch which aims to address a cross-site scripting and spoofing vulnerability in Outlook Web Access feature of Exchange Server 5.5. This flaw could be exploited to trick a user into running a malicious script, which would run in the security context of a user. It may also be possible to exploit the flaw to manipulate Web browser caches and intermediate proxy server caches, and put spoofed content in those caches.
The vulnerability affects only Outlook Web Access for Exchange Server 5.5. Outlook Web Access for Exchange 2000 Server and Outlook Web Access for Exchange Server 2003 are not vulnerable.
Redmond describes the vulnerability as moderate, way below the dreaded critical and important designations on its peril index. The alternative workaround is to disable Outlook Web Access, the service that allows users to access their Exchange mailbox through a browser
Microsoft recommends that customers "consider applying" the security update. Its advisory is here. ®
Related stories
MS hatches July patch batch
Long-awaited IE patch (finally) arrives
Microsoft drops WinXP SP2 surprise onto Beta site
How to order WinXP SP2 now
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
