The Inquirer-Home

Microsoft Exchange opens the door for hackers

Not that we're surprised
Wed Sep 15 2010, 13:47

FIRMS RUNNING Microsoft's Exchange mail server could find that users of its Outlook Web Access (OWA) software have their sessions hijacked.

A security vulnerability in Exchange Server 2003 SP2 and Exchange Server 2007 SP1 and SP2 means that attackers can take control of a user's OWA session and issue commands up to the level permitted by security controls without the user knowing. OWA is a rich 'web mail' client that is offered by Exchange Server and has the look and feel of Microsoft's standalone Outlook software.

Microsoft's proposed solution to the problem might raise the ire of its customers. In the security advisory the Vole says, "Microsoft recommends that customers running affected editions of Microsoft Exchange Server upgrade to a non-affected version of Microsoft Exchange Server to address the vulnerability." Of course system administrators have nothing better to do than upgrade the version of Exchange on all of their mail servers and shift thousands of mailboxes to a new version of Exchange.

Microsoft does give a helping hand, though, by providing a handy list of the Exchange versions that are not affected, and those include Exchange 2000 SP3, 2007 SP3, 2010 and 2010 SP1.

The Vole also recommends segmenting user rights in OWA to limit the potential for damage by hackers. If you feel like implementing a particularly useless 'fix', then Microsoft also offers a way of hiding the display of the OWA options panel, which should flummox only the most novice of script kiddies.

Now all that's left is for Microsoft email system administrators to pick which day to come in at 3AM in order to overcome yet another security hole in Exchange. µ

Comments
Lawrence Latif

On every news that blames Microsoft, it has more than 90% of chance to be posted by Lawrence Latif.

posted by : Guilherme, 15 September 2010
@Mike

I totally agree.
Hackers waste my time, and it pisses me off no end!
Why don't they stop being c*cks and go and do something productive with their lives!?

posted by : UltraSBM, 15 September 2010
@ mike: some of those malicious hackers wind up at M$.

But they disguise it, call their hassling of the rest of us "features". Just as high school bullies go into "law enforcement" so they have a bigger field in which to do their mischief -- and eventually turn to outright evil -- and get paid to do so by their victims.

After so long and uniform a history that I don't need to example it, you just about have to conclude that M$ *is* full of malicious bullies; you're just misled by that they have hacker abilities TOO.

(2nd attempt: errors...)

posted by : bigger_luddite, 15 September 2010
Storm in a tea cup

...versions that are NOT affected ...include Exchange 2000 SP3, 2007 SP3, 2010 and 2010 SP1.

- So for many admins, all there is to do is to install the latest Service Pack - which they should have done long ago anyway...

Come on Lawrence, what's all that fuss about? Why don't you stick to flaming Steve Jobs?

posted by : PCP69, 15 September 2010
Hackers are assholes

Remember the dick teacher in high school who gave students a hard time and said "It's for your own good because you'll face dicks your whole life?"

Now we have hackers screwing up our computers, and half of them are doing it for kicks and saying "It's for your own good because other hacker assholes are out there so you need to be ready."

Assholes, every one. Why do we blame the OS manufacturer and not the hacker? Because it's more convenient when you have a name?

posted by : mike, 15 September 2010