Security Alert

Vulnerability in Microsoft Exchange Server

Description
Several vulnerabilities have been found in Microsoft Exchange Server:

1) Outlook Web Access Script Injection Vulnerability
- Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".

2) Malformed iCal Vulnerability
- The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (server hang) via a malformed calendar content request in an Internet Calendar (iCal) file.

3) MIME Decoding Vulnerability
- Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

4) IMAP Literal Processing Vulnerability
- IMAP support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via a crafted IMAP command, aka the "IMAP Literal Processing Vulnerability".

Product affected
Exchange 2000 Server
Exchange 2003 Server
Exchange 2007 Server

Solution

Apply the update patch for the corresponding version of Exchange Server:

Exchange 2000 Server SP3 with Exchange 2000 Post-SP3 Update Rollup of August 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=21968843-4A81-4F1D-8207-5B0A710E3157

Exchange Server 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5E7939BE-73D1-461C-8C79-EDDB0F1459FC

Exchange Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ABF93DA-D765-4876-96B5-ACB2D2A48F8F

Exchange Server 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=356874EF-C9C0-4842-99F0-E449E9940358


Suggested deployment tools
Patch Management System: Shavlik's HFNetChkPro, Patchlink's PatchLink Update, Altiris (Now Part of Symantec)

Source
Microsoft
