• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Exchange Update Corrects Oracle Outside In Vulnerabilities

August 14, 2012 By Corey Nachreiner

Severity: Medium

Summary:

  • These vulnerabilities affect: Exchange Server 2007 and 2010
  • How an attacker exploits it: By enticing a user to preview a specially crafted attachment within an email
  • Impact: An attacker can execute code with the restricted privileges of the LocalService account
  • What to do: Deploy the appropriate Exchange Server update as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Microsoft Exchange is one of the most popular email servers used today. It includes many advanced features and capabilities. One such feature, called WebReady Document Viewing, allows your email users to preview attached documents as web pages. Exchange leverages Oracle’s Outside In technology to parse these documents and provide these previews.

Unfortunately, Oracle recently found a number of vulnerabilities in their Outside In libraries, which they fixed during their quarterly Critical Patch Update (CPU) last July. Early August, Microsoft realized Exchange was also affected by Oracle’s Outside In vulnerabilities, and they released a security advisory warning their customers about it (we highlighted this advisory in WatchGuard Security Week in Review a few weeks ago). Though Microsoft’s advisory provided a workaround for the issue, it didn’t completely fix it

Today’s Exchange security bulletin does completely resolve the Oracle Outside In vulnerabilities within Exchange.

In a nutshell, the Outside In libraries that Exchange leverages suffer from a number of code execution vulnerabilities having to do with how they parse various types of files. By enticing one of your email users to preview a specially crafted document attached to an email, an attacker can exploit any of these flaws to execute code directly on your Exchange server. Luckily, the code only executes with the permissions of the LocalService account, which has very limited privileges. Nonetheless, we recommend Exchange administrators update as soon as possible.

Solution Path:

Microsoft has released Exchange updates to correct these vulnerabilities. You should download, test, and deploy the appropriate update as soon as possible, or let Windows Update do it for you. You can find the updates in the “Affected and Non-Affected Software” section of Microsoft’s Exchange bulletin.

For All WatchGuard Users:

If you like, you can configure WatchGuard’s security appliances to block or strip the document types necessary for attackers to exploit these vulnerabilities. However, some of the affected documents include ones that most administrators prefer to allow, such as Word and PDF documents. Therefore, we recommend you apply the patches instead.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

  • MS Security Bulletin MS12-058

Share This:

Related

Filed Under: Security Bytes Tagged With: exchange, Microsoft, Oracle, Outside In

Comments

  1. best coffee makers says

    January 3, 2014 at 1:50 pm

    It is dependent upon how many cups of coffee you might be making.
    With the several range of choices offered one cannot miss receiving a coffee-making machine of their preferred choice.
    But for those wanting to benefit from this ages old French design,
    or simply just try new things with their morning java, options
    abound.

    Reply
  2. servertalk.in says

    February 6, 2014 at 6:33 am

    Bosch’s Tassimo is the ideal solution for many who do not like to brew an entire cup of coffee.
    The filter will catch the grounds so they do not end up within your coffee
    cup. Thus, French coffee makers are best for preserving the flavour of it.

    Reply
  3. Penny says

    July 19, 2014 at 4:17 pm

    If you make your personal milk shakes, smoothies or similar flavored drinks,
    a kitchen handheld blender can make your life much simpler.
    You can search the internet for relevant reviews regarding Braun’s
    fabulous products. Before you acquire it, make sure you perform comprehensive
    research about it to get the one made from probably the most
    reliable and trustworthy company.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • How Not to Update Software

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use