Microsoft released their monthly securty bulletins identifying yet another cross-site scripting error, this time with the beleagured Outlook Web Access (OWA) in Exchange 5.5. OWA has a long history of issues. I don't think that exposing Exchange via an HTML interface is a good idea. SMTP and POP with authentication, SSL, passwords and perhaps VPNs offer a far more secure way for clients to access Exchange remotely. Better yet, find a secure mail server. http://go.microsoft.com/fwlink/?LinkId=29234 for more details.
The second email I got was a "re-release" of MS04-020 showing that more products are affected. If you are running INTERIX 2.2 (what's that?), you'll want to review the bulletin at http://www.microsoft.com/technet/security/bulletin/MS04-020.mspx
9:00:08 AM 
|
|
