TechTarget

Microsoft finds flaw in Outlook Web Access

Microsoft has warned that a flaw in the Outlook Web Access module in its Exchange 5.5 e-mail system could allow unauthorised...

Microsoft has warned that a flaw in the Outlook Web Access module in its Exchange 5.5 e-mail system could allow unauthorised access to users' mailboxes.

The problem lies in the way Outlook Web Access handles inline script in HTML e-mail messages, Microsoft said in a security bulletin. An attacker can get full control over a mailbox when their e-mail with embedded malicious code is opened using Microsoft's Internet Explorer browser or Outlook Web Access.

Although the attacker can delete mailbox contents, move messages and send messages as if they were the user, it is not possible to send e-mail to addresses in the user's address book, preventing a mass-mailing attack, Microsoft said.

Outlook Web Access allows users to access their e-mail through the Web, rather than using the Outlook client software on their PC.

Microsoft is having a tough time securing Outlook Web Access. In June, it took the company three patches to plug a similar hole. The first and second patches for the hole, which affected both Exchange 2000 Server and Exchange 5.5, left administrators with dysfunctional e-mail systems.

Microsoft, which gives the vulnerability a "moderate" severity rating, urges administrators that have deployed Outlook Web Access to immediately install a patch to fix the flaw. The patch is available from Microsoft's TechNet Web site.

Microsoft's security bulletin can be viewed at www.microsoft.com/technet/security/bulletin/MS01-057.asp

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close