Vulnerability in Exchange/OWA

Microsoft published recently security bulletin MS06-029, which describes a new vulnerability that can affect Exchange Server 2000 and 2003. This vulnerability could allow script injection when Exchange Server runs Outlook Web Access. An attacker could exploit the vulnerability by constructing an e-mail message with a specially crafted script. If this specially crafted script is run, it would execute in the security context of the user on the client. More information in the following links:

There are patches available for Exchange 2000 SP3, Exchange 2003 SP1 and Exchange 2003 SP2, but be warned that the installation of these security updates can break third party services such as BlackBerry or GodLink.

Technorati : , , : , ,

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top