Critical MS Exchange Exploit Exposed
Critical MS Exchange Exploit Exposed
January 12, 2006: Hot on the heels of the Windows WMF flaw, Microsoft has released a patch for what is potentially an even bigger threat concerning Exchange Server and Outlook clients.
Details of the flaw were released on Tuesday in Microsoft’s MS06-003 security bulletin. They relate to the exploitation of Transport Neutral Encapsulation Format (TNEF) decoding in Microsoft Outlook and Microsoft Exchange allowing remote code execution.
Microsoft has labelled the flaw as “Critical” as it makes Exchange Servers 5.0, 5.5, or 2000 vulnerable during the processing of Rich Text Format (RTF) messages. All the exploit requires is a single malicious email to be sent to one vulnerable server. A hacker can then take control of the Exchange server and have access to any Outlook client that connects to it.
While the flaw only affects older versions of Exchange Server, current versions of Outlook, including Outlook XP and 2003, are vulnerable.
No exploits have surfaced as yet.
Do you still use Exchange Server 2000 or below?
Related Article: