kayodeok's Weblog

Tuesday 10 August 2004

MS Security Bulletins - 10 August

One MS Security Bulletin issued today.

Microsoft Security Bulletin MS04-026

Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks

This update resolves a newly-discovered, privately reported vulnerability. A cross-site scripting and spoofing vulnerability exists in Outlook Web Access for Exchange Server 5.5 that could allow an attacker to convince a user to run a malicious script.

An attacker who successfully exploited the vulnerability could manipulate Web browser caches and intermediate proxy server caches, and put spoofed content in those caches. They may also be able to exploit the vulnerability to perform cross-site scripting attacks.

References:

• Technical: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)
• Knowledgebase: MS04-026: Vulnerability in Exchange Server 5.5 Outlook Web Access could allow cross-site scripting and spoofing attacks
• Secunia: Microsoft Exchange HTML Redirection Script Insertion Vulnerability

Related Tools

• Microsoft Baseline Security Analyzer (MBSA)
• Software Update Services (SUS)
• Windows Update
• Microsoft Security Tools