- Recommend:
- 0 Comments
Another Hole Found in Outlook Web Access
Microsoft says flaw could allow unauthorized users to send and delete e-mail messages.
A flaw in the Outlook Web Access module in Microsoft's Exchange 5.5 e-mail system could allow unauthorized access to user's mailboxes, the company warned late Thursday.
The problem lies in the way Outlook Web Access handles inline script in HTML e-mail messages, Microsoft says in a security bulletin. An attacker can get full control over a mailbox when an e-mail message with embedded malicious code is opened using Microsoft's Internet Explorer browser and Outlook Web Access, Microsoft says.
Although the attacker can delete mailbox contents, move messages, and send messages as if they were the user, it isn't possible to send e-mail to addresses in the user's address book, which prevents a mass-mailing attack, Microsoft says.
Outlook Web Access allows users to access their e-mail via the Web, rather than using the Outlook client software on their PC.
Microsoft is having a tough time securing Outlook Web Access. In June it took the company three patches to plug a similar hole. The first and second patches for the hole, which affected both Exchange 2000 Server and Exchange 5.5, left administrators with dysfunctional e-mail systems.
Microsoft, which gives the vulnerability a "moderate" severity rating, urges administrators who have deployed Outlook Web Access to immediately install a patch to fix the flaw. The patch is available from Microsoft's TechNet Web site.
Microsoft's security bulletin can be viewed on the company's Web site.
Would you recommend this story? YES NO
- Recommend:
- 0 Comments
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
-
Free Outlook Add-In PocketKnife Peek Reveals Hidden Info
-
eM Client: Affordable Alternative to Microsoft Outlook
-
Preview Gmail Messages Before Opening Them
-
Be More Productive in Microsoft Outlook
-
Microsoft Outlook Social Connector Folds Facebook and LinkedIn Into Outlook
-
Gmail Delegation: Another Reason to Ditch Microsoft Outlook
-
Gmail's 'Bob' Features Help You Avoid E-mail Blunders
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.
-
Liberties Groups Rap Google's Skirting of Safari's Privacy Protections
-
Google's Safari Tracking Debacle: Reality Check
-
Adobe Confirms New Zero-day Flash Bug
-
15 Smartphone Games to Play for Free in Your Browser
-
Mozilla Patches Critical Firefox Bug
-
Pre-rendered Pages Highlight Latest Google Chrome Release
-
Five Tips to Make Your Facebook Timeline Amazing
-
Google to Pay Users to Track Their Movements Online
-
Adobe Sets IE as Next Target in Flash Security Work
-
Chrome Comes to Android, But Only For the 1 Percent
-
Adobe Launches Sandboxed Flash Player for Firefox, Hopes for Fewer Exploits
-
Google Privacy Issues Let Microsoft Tout IE9's Safeguards
Ad Choices