Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Patches Critical Flaw in Forefront Protection for Exchange Server

By

Severity: High

Summary:

  • These vulnerabilities affect: Forefront Protection 2010 for Exchange Server (FPE)
  • How an attacker exploits it: By sending a specially crafted email
  • Impact: An unauthenticated attacker can execute code with the privileges of the configured service account
  • What to do: Install the FPE update as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Forefront Protection for Exchange Server (FPE) is an antivirus and anti-spam security product designed to protect Microsoft’s popular Exchange email server. According to a bulletin released on Patch Day, FPE suffers from an unspecified vulnerability involving the way it parses specially crafted email messages. By sending a malicious email to a vulnerable Exchange server, an unauthenticated attacker can exploit this vulnerability to execute code on your Exchange server with the configured service account’s privileges.

On the surface, this vulnerability sounds quite severe, and it is if exploitable. However, according to one of Microsoft’s blogs, they found the flaw internally but haven’t been successful in developing a real-world exploit for it. They don’t suspect attackers will exploit this issue in the wild, nonetheless, we recommend you apply the patch as quickly as you can.

Solution Path:

Microsoft has released a Forefront Protection 2010 for Exchange Server update to correct this flaw. You should download, test, and deploy the update as soon as possible, or let Windows Update do it for you. As with all server updates, we recommend you test this patch before pushing it to your production Exchange servers.

For All WatchGuard Users:

Both our XTM and XCS appliances can often block or strip malicious emails depending on their properties (for instance, if they contain certain headers or MIME types). However, without additional information about the specially crafted email used to trigger this vulnerability, we cannot say whether or not we help in this case. To be safe, we recommend you apply the Microsoft’s FPE patch.

Status:

Microsoft has released a patch to fix this FPE vulnerability.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

View All

Archives