Worm Could Wreck Exchange
 

The bug in Exchange that Microsoft disclosed Tuesday is too juicy a target for hackers to pass up, security companies warned Wednesday, and users should expect to see a worm pop up any time.Tuesday, Microsoft patched a flaw in Exchange 2000 and Exchange 2003's calendaring function. According to Microsoft's security bulletin, an attacker could exploit the vulnerability simply by sending a specially-crafted e-mail to the server.Security experts agreed, and highlighted the danger Exchange administrators face."The widespread adoption of Microsoft Exchange and its built-in calendar functionality within the enterprise, combined with the unauthenticated remote access nature of the mail service, means that attackers will race to develop exploit material for this vulnerability," said Gunter Ollmann, director of Internet Security Systems' X-Force research team, in a statement."What's most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever," added Ollmann.Ollmann's team has confirmed that crashing Exchange is an easy chore. Worse, firewall best practices aren't an adequate defense. News source: CRNRead full story...



News source: Full Story