This security update resolves two privately reported vulnerabilities in Outlook Web Access

This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.

This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the validation of HTTP session data within OWA. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation.  Microsoft recommends that customers apply the update at the earliest opportunity.

Known Issues.  Microsoft Knowledge Base Article 953747 documents the currently known issues that customers may experience when installing this security update.

Bookmark Now

Related posts

• Zero dat vulnerability (0)
• Wordpress is vulnerable to threats (0)
• What is zero day attack or exploit (0)
• Vulnerabilities does not spare acrobat too (0)
• SQL Injection is one of the many web attack mechanisms (1)