Severity: High Summary: These vulnerabilities affect: Exchange Server 2007, 2010, and 2013 How an attacker exploits it: By sending an email with a specially crafted email attachment Impact: An attacker can execute code with the restricted privileges of the LocalService account What to do: Deploy the appropriate Exchange Server update as soon as possible, or let Windows … [Read more...]
UPDATE TO: Exchange Still Suffers from Document Handling Flaws
Yesterday, we released an alert warning you about vulnerabilities in Exchange Server, as well as a new update to fix those flaws. Today, we have learned that there are problems with the Exchange Server 2013 version of that update. Microsoft has confirmed this problem and has pulled the affected patch. If you use Exchange 2013 and have already installed the broken update, we … [Read more...]
Exchange Still Suffers from Document Handling Flaws
Severity: High Summary: These vulnerabilities affect: Exchange Server 2007, 2010, and 2013 How an attacker exploits it: By enticing a user to preview a specially crafted email attachment using OWA Impact: An attacker can execute code with the restricted privileges of the LocalService account What to do: Deploy the appropriate Exchange Server update as soon as … [Read more...]
Specially Crafted Attachments Can Crack Exchange Servers
Severity: High Summary: These vulnerabilities affect: Exchange Server 2007 and 2010 How an attacker exploits it: By enticing a user to preview a specially crafted email attachment using OWA Impact: An attacker can execute code with the restricted privileges of the LocalService account What to do: Deploy the appropriate Exchange Server update as soon as possible, or let … [Read more...]
Exchange Server Code Execution and DoS Flaws
Severity: High Summary: These vulnerabilities affect: Exchange Server 2007 and 2010 How an attacker exploits it: By enticing an email user to preview a specially crafted email attachment or to visit a malicious RSS feed. Impact: An attacker can execute code with the restricted privileges of the LocalService account, or crash your email server What to do: Deploy the … [Read more...]