Yesterday, we released an alert warning you about vulnerabilities in Exchange Server, as well as a new update to fix those flaws. Today, we have learned that there are problems with the Exchange Server 2013 version of that update. Microsoft has confirmed this problem and has pulled the affected patch. If you use Exchange 2013 and have already installed the broken update, we … [Read more...]
Exchange Still Suffers from Document Handling Flaws
Severity: High Summary: These vulnerabilities affect: Exchange Server 2007, 2010, and 2013 How an attacker exploits it: By enticing a user to preview a specially crafted email attachment using OWA Impact: An attacker can execute code with the restricted privileges of the LocalService account What to do: Deploy the appropriate Exchange Server update as soon as … [Read more...]
Microsoft Patch Tuesday: Critical Fixes for Exchange, IE, and Windows
It's that time again... Microsoft Patch Day. Sometimes following Microsoft's regular patch cycle can feel a lot like the movie, Groundhog Day. Yet—also like the movie—it's well worth repeating regularly to make sure that you get it right. According to their summary post, Microsoft released eight security bulletins today, three of which they rate as Critical. The bulletins … [Read more...]
Specially Crafted Attachments Can Crack Exchange Servers
Severity: High Summary: These vulnerabilities affect: Exchange Server 2007 and 2010 How an attacker exploits it: By enticing a user to preview a specially crafted email attachment using OWA Impact: An attacker can execute code with the restricted privileges of the LocalService account What to do: Deploy the appropriate Exchange Server update as soon as possible, or let … [Read more...]
Exchange Server Code Execution and DoS Flaws
Severity: High Summary: These vulnerabilities affect: Exchange Server 2007 and 2010 How an attacker exploits it: By enticing an email user to preview a specially crafted email attachment or to visit a malicious RSS feed. Impact: An attacker can execute code with the restricted privileges of the LocalService account, or crash your email server What to do: Deploy the … [Read more...]
