resource center
  See your link here
|
IDG News Service -
Microsoft Corp. is investigating a potential security issue with Exchange Server 2003, which would be the first since the e-mail server was launched last month.
The potential flaw lies in the Outlook Web Access (OWA) component of Exchange Server 2003. A network administrator at a Nashville-based provider of investment performance reporting tools found that users logging into OWA could be logged into another user's mailbox at random and have full access privileges.
"This seems to be a major security flaw and we have had to shut off OWA indefinitely because of the issue," the network administrator wrote in a posting to NTBugtraq, a well-known security mailing list.
A preliminary investigation by Microsoft indicated that the issue occurs only with Kerberos authentication disabled, which the vendor said is uncommon. "We recommend that our customers ensure that Kerberos authentication is enabled, which is the default configuration," Microsoft said in a statement.
However, the network administrator said he did not disable Kerberos and experienced the problem with the default configuration of Exchange Server 2003. "I want to stress that the problem occurred with the default configuration," he wrote in an e-mail message.
Microsoft has already developed a patch, which is currently being tested, the network administrator said. Microsoft would not comment on any patch because it is still investigating the issue.
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, including providing a fix and additional mitigation information if either is warranted," the vendor said.
IDG.net
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Security Pathways to Less Complexity
Find pathways to security solutions, possibly peace of mind about your information security.
Mitigate Risk, Lower Costs and Improve Network Efficiency
Create a stable IP network that not only meets today's challenges, but is flexible enough to also meet future demands.
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
