Microsoft Exchange Server
. Microsoft Windows 2000 (SP4 and previous)
. Microsoft Windows XP (SP3, SP2 and previous)
. Microsoft Windows 2003 (SP2 and previous)
. Microsoft Windows 2008 (SP2 and previous)
. Microsoft Windows 2008 R2
. Microsoft Exchange Server 2003 (SP3, SP2 and previous)
. Microsoft Exchange Server 2007 (SP2, SP1 and previous)
. Microsoft Exchange Server 2010
5. *Non-vulnerable packages*
===============================ADVISORY===============================
Systems Affected: Microsoft Outlook Web Access 2003 and 2007
(Exchange Server 2003 SP2, Exchange Server 2007,
Exchange Server 2007 SP1)
Severity: High
Category: Cross Site Scripting, Cross Site Request Forgery
Author: Context Information Security Ltd
Reported to vendor: 10th January 2008
Advisory Issued: 10th July 2008
As long as Outlook has been around, people have been trying to get two
instances running at the same time. Not multiple profiles that you can
load when starting Outlook, but two separate instances running
concurrently, each with their own associated profile. After all, Outlook
(even 2007) only lets you connect to a single Exchange server per
profile... And that sucks.
What would be great is to have one instance connected up to your
"business" Exchange Server, and another connected up to your "personal"
Exchange Server (and of course, to other people's Exchange servers who
don't you know have an account on their box ;).
"real world" issues that require we build multiple layers of defenses to
ensure that assets are protected when other layers, mechanisms, or
policies fail. And not being able to predict the future is *precisely*
why security in depth is required. For example-- Back in January of
2003 (where has the time gone?) I published an article on Security Focus
discussing how to secure Exchange Server deployments.
(http://www.securityfocus.com/infocus/1654 if you want to check up on
me). I would draw your attention to this excerpt in regard to using
ISA's SMTP application filter to inspect SMTP traffic:
"Though we are filtering the command set through the ISA server, it is
mainly used as an e-mail application, but it also includes a calendar,
task manager, contact manager, note taking, a journal and web browsing.
Outlook supports various e-mail formats, including plain text, HTML and
TNEF. TNEF is a proprietary format used by Microsoft Outlook and
Microsoft Exchange Server. TNEF messages or TNEF streams consist of
message and/or attachment attributes. These attributes contain basic
properties, such as message subject, date sent and attachment title
(file name). Additional attributes can be set using MAPI properties,
which are stored in attMAPIProps or attAttachment TNEF structures.
will be triggered. Upon successful exploitation, the attacker will gain
the privileges of the "GoodAdmin" user. This is a special user account
which, in some configurations, may be a member of the "Administrator"
group. Regardless of the user's "Administrator" status, the user will
always have full privileges to "Read" and "Send As" all users on the
Microsoft Exchange server. This could allow an attacker to conduct
further social engineering attacks.
Other software packages using Outside In were not investigated.
IV. DETECTION
Affected products :
- ESET Smart Security 4 (before 15/04/2009)
- ESET NOD32 Antivirus 4 (before 15/04/2009)
- ESET Smart Security 4 Business Edition (before 15/04/2009)
- ESET NOD32 Antivirus 4 Business Edition (before 15/04/2009)
- ESET NOD32 Antivirus for Exchange Server (before 15/04/2009)
- ESET Mail Security (before 15/04/2009)
- ESET NOD32 Antivirus for Lotus Domino Server (before 15/04/2009)
- ESET File Security (before 15/04/2009)
- ESET Novell Netware (before 15/04/2009)
- ESET DELL STORAGE SERVERS (before 15/04/2009)
Affected products :
- ESET Smart Security 4 (update #4036)
- ESET NOD32 Antivirus 4 (update #4036)
- ESET Smart Security 4 Business Edition (update #4036)
- ESET NOD32 Antivirus 4 Business Edition (update #4036)
- ESET NOD32 Antivirus for Exchange Server (update #4036)
- ESET Mail Security (update #4036)
- ESET NOD32 Antivirus for Lotus Domino Server (update #4036)
- ESET File Security (update #4036)
- ESET Novell Netware (update #4036)
- ESET DELL STORAGE SERVERS (update #4036)
Introduction
------------------------------------------------------------------------
Transport Neutral Encapsulation Format (TNEF) is a proprietary e-mail
attachment format used by Microsoft Outlook and Microsoft Exchange
Server. A plugin [3] for Evolution exists that provides basic support
for TNEF encoded e-mails. This plugin uses the ytnef library [4]
(libytnef) for processing TNEF messages. It borrows code from the ytnef
program, which is a program to work with procmail to decode TNEF streams
(winmail.dat attachments). Both applications share (almost) the same code and
are, because of this, both affected by the issues described in this
will be triggered. Upon successful exploitation, the attacker will gain
the privileges of the "GoodAdmin" user. This is a special user account
which, in some configurations, may be a member of the "Administrator"
group. Regardless of the user's "Administrator" status, the user will
always have full privileges to "Read" and "Send As" all users on the
Microsoft Exchange server. This could allow an attacker to conduct
further social engineering attacks.
Other software packages using Outside In were not investigated.
It is interesting to note that this vulnerability was fixed some time
Corporate Protection
* avast! 4 Server Edition (impact high, complete bypass)
* avast! 4 Server Edition Plug-ins
* avast! 4 Exchange Server Edition (impact high, complete bypass)
* avast! 4 ISA Server Edition (impact high, complete bypass)
* avast! 4 SharePoint Server Edition (impact high, complete bypass)
* avast! 4 SMTP Server Edition (impact high, complete bypass)
* avast! 4 Lotus Domino Edition (impact high, complete bypass)
* avast! Distributed Network Manager (impact high, complete bypass)
Apple's Mail.app is the default email application that comes with Mac
OS X machines. It supports S/MIME as standard for encryption and
authentication of emails. However, by default Mail.app also has an
option called "Store draft messages on the server" when you are making
use of an IMAP or Exchange server.
The assumption when making use of S/MIME is that no one except you and
the recipient of the email can view your encrypted email - end to end
encryption. Emails are stored in encrypted form on the server and
therefore should not be read by anyone having access to the email
-------------------------------------------------
MS Patch - MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
Analysis - SMA does not have this component.
Action - Patch will not run successfully. Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
Analysis - SMA does not have this component.
Action - Patch will not run successfully. Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
Analysis - SMA does not have this component.