
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Patches Critical Flaw in Forefront Protection for Exchange Server

February 12, 2014 By Corey Nachreiner

Severity: High

Summary:

  • This vulnerability affects: Forefront Protection 2010 for Exchange Server (FPE)
  • How an attacker exploits it: By sending a specially crafted email
  • Impact: An unauthenticated attacker can execute code with the privileges of the configured service account
  • What to do: Install the FPE update as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Forefront Protection for Exchange Server (FPE) is an antivirus and anti-spam security product designed to protect Microsoft’s popular Exchange email server. According to a bulletin released on Patch Day, FPE suffers from an unspecified vulnerability involving the way it parses specially crafted email messages. By sending a malicious email to a vulnerable Exchange server, an unauthenticated attacker can exploit this vulnerability to execute code on your Exchange server with the configured service account’s privileges.

On the surface, this vulnerability sounds quite severe, and it is if exploitable. However, according to one of Microsoft’s blogs, they found the flaw internally but haven’t been successful in developing a real-world exploit for it. They don’t suspect attackers will exploit this issue in the wild. Nonetheless, we recommend you apply the patch as quickly as you can.

Solution Path:

Microsoft has released a Forefront Protection 2010 for Exchange Server update to correct this flaw. You should download, test, and deploy the update as soon as possible, or let Windows Update do it for you. As with all server updates, we recommend you test this patch before pushing it to your production Exchange servers.

For All WatchGuard Users:

Both our XTM and XCS appliances can often block or strip malicious emails depending on their properties (for instance, if they contain certain headers or MIME types). However, without additional information about the specially crafted email used to trigger this vulnerability, we cannot say whether or not we help in this case. To be safe, we recommend you apply Microsoft’s FPE patch.

Status:

Microsoft has released a patch to fix this FPE vulnerability.

References:

  • MS Security Bulletin MS14-008

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


Filed Under: Security Bytes Tagged With: exchange, Forefront, Forefront Protection for Exchange, FPE, Microsoft

Comments

  1. Albertina says

    September 29, 2014 at 7:20 am

    It’s awesome designed for me to have a site, which is good designed
    for my knowledge. Thanks admin
