Secplicity – Security Simplified

Microsoft Patches Critical Flaw in Forefront Protection for Exchange Server

Severity: High

Summary:

Exposure:

Forefront Protection for Exchange Server (FPE) is an antivirus and anti-spam security product designed to protect Microsoft’s popular Exchange email server. According to a bulletin released on Patch Day, FPE suffers from an unspecified vulnerability involving the way it parses specially crafted email messages. By sending a malicious email to a vulnerable Exchange server, an unauthenticated attacker can exploit this vulnerability to execute code on your Exchange server with the configured service account’s privileges.

On the surface, this vulnerability sounds quite severe, and it is if exploitable. However, according to one of Microsoft’s blogs, they found the flaw internally but haven’t been successful in developing a real-world exploit for it. They don’t suspect attackers will exploit this issue in the wild. Nonetheless, we recommend you apply the patch as quickly as you can.

Solution Path:

Microsoft has released a Forefront Protection 2010 for Exchange Server update to correct this flaw. You should download, test, and deploy the update as soon as possible, or let Windows Update do it for you. As with all server updates, we recommend you test this patch before pushing it to your production Exchange servers.

For All WatchGuard Users:

Both our XTM and XCS appliances can often block or strip malicious emails depending on their properties (for instance, if they contain certain headers or MIME types). However, without additional information about the specially crafted email used to trigger this vulnerability, we cannot say whether or not we help in this case. To be safe, we recommend you apply Microsoft’s FPE patch.

Status:

Microsoft has released a patch to fix this FPE vulnerability.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
