Several articles in the last few days about a permission-less security hole in Exchange.  The first articles had headlines like "Worm could wreck  Exchange" and "Hackers expected to target Exchange".  Within 24 hours, that moved to "Exploit out for Exchange bug".  From "Worm could wreck Exchange":

The bug in Exchange that Microsoft disclosed Tuesday is too juicy a target for hackers to pass up, security companies warned Wednesday, and users should expect to see a worm pop up any time.
Tuesday, Microsoft patched a flaw in Exchange 2000 and Exchange 2003's calendaring function. According to Microsoft's security bulletin, an attacker could exploit the vulnerability simply by sending a specially-crafted e-mail to the server. ...

"What's most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever," added Ollmann [Gunter Ollmann, director of Internet Security Systems' X-Force research team].

Post a Comment