Microsoft Uncovers Exchange Server 5.5 Vulnerability
A flaw in the version, for which Microsoft has released a patch, could allow an attacker to execute code on other clients' systems.A flaw in an old but still popular version of Microsoft Exchange Server could allow an attacker to execute code on other clients systems, according to a security bulletin released Tuesday by Microsoft, along with a patch for the flaw. The bulletin, designated MS04-026, was the sole new security bulletin Microsoft released Tuesday for the month of August. The single patch closely follows the public release of Windows XP Service Pack 2 (SP2). The Exchange Server bulletin, which Microsoft deemed one of "moderate" severity, describes a potential remote code execution on Exchange 5.5 (SP4) through Outlook Web Access. Exchange Servers 2000 and 2003 are not vulnerable.
Proper use of authentication and secure network protocols to access Exchange Server make it more difficult to exploit, according to the bulletin.