Get ready for stupid question of the year. If you have a separate server for OWA, are you suppose to install this patch on just on your OWA server or on your Exchange server too?
thanx Aaron -----Original Message----- From: Mike Hoskins [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 12:39 PM To: Exchange Discussions Subject: FW: Security Alert, December 7, 2001: OWA Script Execution Vulner ability in Microsoft Exchange FYI -----Original Message----- From: Security UPDATE [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 1:17 PM Subject: Security Alert, December 7, 2001: OWA Script Execution Vulnerability in Microsoft Exchange **** This Security Alert is brought to you by the Security Administrator channel on the Windows 2000 Magazine Network **** http://www.secadministrator.com ============================================================ FREE Outbreak Prevention Service for SMTP Gateway http://lists.win2000mag.net/cgi-bin3/flo?y=eJZc0CJZLk0BVg0oNJ0AM ============================================================ * TREND MICRO INTERSCAN MESSAGING SECURITY SUITE InterScan(R) Messaging Security for SMTP is a high performance policy-based antivirus and content security for the SMTP gateway designed to protect your messaging system from virus outbreaks. Its Outbreak Prevention Policy is a fast defense against new email-borne virus. Automatically deployed policies give administrators peace of mind while offering an effective protection available against new viruses. Get your free Outbreak Prevention service today! For program details or to download your 30-day FREE InterScan evaluation copy: http://lists.win2000mag.net/cgi-bin3/flo?y=eJZc0CJZLk0BVg0oNJ0AM ******************** Security Alert, December 7, 2001 * OUTLOOK WEB ACCESS SCRIPT EXECUTION VULNERABILITY IN MICROSOFT EXCHANGE SERVER 5.5 Whitehat Security reported that a vulnerability exists in the Microsoft Exchange Server 5.5 Outlook Web Access (OWA) service that lets an attacker take any action on the user's mailbox that the user can take, including deleting, moving, and sending messages. The vulnerability results from a problem in the way that OWA handles inline script messages used in conjunction with Internet Explorer (IE). If the attacker uses OWA to open an HTML message containing a specially formed script, the script executes under the user's security context. Microsoft has released Security Bulletin MS01-057 to address this vulnerability and recommends that affected users apply the patch provided at this URL. http://www.secadministrator.com/articles/index.cfm?articleid=23433 Thank you for subscribing to Security UPDATE. Please tell your friends about this newsletter and alert list! Sincerely, The Security UPDATE Team ([EMAIL PROTECTED]) Michael Hoskins Exchange Administrator CORESTAFF Services (713)438-1505 [EMAIL PROTECTED] **************************************************************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
