As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savings and productivity, it is also important to have robust security policies supporting BYOD.
Last week, several media reports surfaced of an attack on the European Parliament in which some members had their email unlawfully accessed. Initial media speculations inaccurately implied that the attack used a vulnerability in Microsoft’s Exchange ActiveSync. While details and specifics of this attack continue to be investigated, based on our initial information, we have determined this is not a vulnerability in the ActiveSync protocol; the issue is how third party devices handle authentication of certificates.
Read more at source: http://blogs.technet.com/b/msrc/archive/2013/11/26/security-and-policy-surrounding-bring-your-own-devices-byod.aspx