Internet Security Systems Warns Against Potential Microsoft Exchange Worm
"The widespread adoption of Microsoft Exchange and its built-in calendar functionality within the enterprise, combined with the unauthenticated remote access nature of the mail service, means that attackers will race to develop exploit material for this vulnerability," said Gunter Ollmann, director of ISS' X-Force(R) research and development team. "What is most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever."
“What is most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever.”
As part of its monthly security updates, Microsoft today issued an advisory for a vulnerability in the way Microsoft Exchange Server handles malformed calendar attachments. Exchange Server is unable to properly recover from an invalid property being sent as part of the calendar attachment and may subsequently overwrite data. The vulnerability could allow an unauthenticated attacker to send a specially crafted e-mail message to a Microsoft Exchange Server and cause a denial of service condition or potentially execute arbitrary code. In order to compromise a machine and propagate itself, a malformed attachment would not have to be read by the message recipient.
"In order to take advantage of this vulnerability, a maliciously-crafted e-mail would simply have to reach an organization's Exchange Server," continued Ollmann. "This makes conditions ripe for the creation of a mail-centric worm."
Successful exploitation of this vulnerability could be used to obtain unauthorized access to networks and machines, leading to exposure of confidential information, loss of productivity and further network compromise.
Through its unique Virtual Patch technology, ISS protects against vulnerabilities rather than known exploits to shield businesses from attack until they are able to schedule time to apply patches from affected vendors. The Virtual Patch feature is integrated into ISS' Proventia(R) security products and services, which provide organizations with comprehensive protection for IT assets from network to host. ISS' preemptive approach to security is based on the cutting-edge vulnerability research conducted by the company's X-Force research and development team.
The ISS X-Force alert on this vulnerability can be found at: http://xforce.iss.net/xforce/alerts/id/221
Microsoft's security bulletin addressing this vulnerability can be found at: http://www.microsoft.com/technet/security/current.aspx
About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.