Symantec Security Response - 11 Aug 2004

Symantec Security Response - 11 Aug 2004

Good afternoon Today, Microsoft announced one new product vulnerability -- Microsoft Exchange Outlook Web Access (OWA) Script Injection Vulnerability -- along with patch information that impacts primarily enterprise customers. Microsoft Outlook Web Access (OWA) is a software service and enables administrators to use a Web browser to access their Exchange mailbox to read or send mail, manage their calendars, or perform other mail functions over the Internet.

It is rated a moderate risk vulnerability and if left unpatched, the vulnerability could allow hostile script to access properties of the OWA server and Web pages hosted on the site. If successfully exploited, the hacker could perform various attacks including session hijacking, and content spoofing. However, a attacker must be authenticated or the vulnerable server must allow anonymous access. The server itself cannot be attacked through this method.

"As the time between vulnerability disclosure and exploit continues to shrink, proactive approach to vulnerability management is important in securing the network against unknown threats," said Alfred Huger, senior director, Symantec Security Response. "IT administrators should evaluate the possible impact of the newly announced vulnerability to their systems, plan for necessary measures including patch deployment and implementation of security best practices using multiple security solutions effectively and taking proactive steps in securing the network."

Symantec security experts will closely monitor for any unusual activities and will provide security content and intelligence as necessary.

ENDS

© Scoop Media