ITinfo: Microsoft Exchange 2000 Security Hole

MS Exchange Leaks Email

Security hole needs patching -- fast!

ITINFO Sponsor

Internet E-Commerce Services

Go beyond websites and e-marketing.
Get away from all the hype and lies.

If you do e-commerce, you need us.
Will you be ready when the time comes?

Internet E-Commerce Services

Internet Poll

Have you attended a seminar via e-learning?

	yes
	no
poll archive

Microsoft Exchange 2000 Security Hole

by Dave Murphy
ISSN 1535-3613

Microsoft revealed a security hole in its Exchange 2000 mail server that allows crackers to target corporate email resources, including accessing, modifying, and deleting individual employee email messages. User's of Microsoft Outlook Web Access, the program grants email access via a web browser are at risk.

To exploit the flaw, an attacker would have to create a special text attachment that includes HTML code and scripts. While the attachment would appear to be a text file to the recipient, once opened, the script would automatically execute without notification. Windows normally notifies users that a script has been included in an incoming email message; however, in this case, Windows won't flag the user.

Microsoft has released a patch that covers this security hole.

Call for Comments

What do you think? Leave your comments on the message center

References

Microsoft
Message Center

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated June 7, 2001
http://dgl.com/itinfo/2001/it010607.html