hello
Google
Welcome to Carpe Diem: Flaphead@Home Sign in | Join | Help

Carpe Diem: Flaphead.com

Seize the Day

News

  • Add to Technorati Favorites <script type="text/javascript" src="http://technorati.com/embed/3ni3q36ikc.js"> </script>
    This information is provided "AS IS" with no warranties, and confers no rights. Also some of the information contains my views and thoughts.
    <script src="http://widgets.technorati.com/t.js" type="text/javascript" charset="UTF-8"></script>
    Blog Information Profile for flaphead

    Add Me! - Search Engine Optimization

    I heart FeedBurner

Security Update for Exchange Server 2003 SP2 (KB950159)

So we have a KB, Download and a Security Bulletin ;-) 

NOTE: This also affects Exchange 2007, but is included in RU3 for Exchange 2007 SP1 and RU7 for Exchange 2007 RTM

Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=e099c1d1-5af6-4d6c-b735-9599412b3131&DisplayLang=en

This update addresses the Microsoft Exchange Server vulnerability addressed in the Microsoft Security Bulletin MS07-026.

MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server could allow elevation of privilege
http://support.microsoft.com/kb/953747
Microsoft Security Bulletin MS08-039 – Important
http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx

Executive Summary
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the validation of HTTP session data within OWA. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation.  Microsoft recommends that customers apply the update at the earliest opportunity.
Known Issues.  Microsoft Knowledge Base Article 953747 documents the currently known issues that customers may experience when installing this security update

Affected Software
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 Service Pack 1
 

Posted: 09 July 2008 09:54 by Paul Flaherty

Comments

No Comments

New Comments to this post are disabled