Fix for a Security Hole that Exists in Exchange Server

Security is a very important aspect of any system, so it’s important to keep it up to date and properly tested. The main reason is that a vulnerability puts much of your system’s critical information at risk. Even if your key codes are encrypted, it’s very important never to let anything malicious get inside your system.

In the past 10 years encryption has come a long way but some of the earlier, less secure practices are still being used, which can jeopardize your entire environment. In order to make sure your system is up-to-date with current practices you should review all of your policies and procedures. Reviewing your own implementations is a good start as you will be able to see how you compare to recommended standard procedures.

Some key things to look for are the types of encryption applied to passwords in your database. This is generally a good starting point, as it shows where your system stands. The strength of password encryption can usually be related to the year it was implemented, because encryption improves every year.

Another good way to tell how your system is performing is to measure how many attacks you’re getting per year (hopefully none!). Users are generally the reason for these inadvertent attacks, as they accidentally download all kinds of things onto their systems, but this can be a good thing, as it keeps your skills sharp and keeps you on your toes. Although your goal is to be 100% free of attacks, what you really want is to be 100% defendable against attacks. This will come in time, but preparation is a key component of keeping your system secure.

Since we’ve been measuring our system’s security defenses, it’s important to note that even the best networks are constantly being attacked. With that said, Microsoft has recently released a crucial security update for its Exchange Server. This update was needed because it was recently discovered that Exchange Server had a big hole in its protocol.

The hole consisted of major vulnerabilities in Exchange Server’s WebReady Document Viewing and Data Loss Prevention features. What’s extremely scary is that this particular hole would allow someone with malicious intent to execute code remotely on your system. The attack would be initiated when a user views a modified file using the Outlook Web App. That file would then be transcoded by the standard WebReady Document Viewing, which uses its own credentials, thus providing that file with a way into a system. The Data Loss Prevention feature has a capability that allows it to host code, which could possibly allow remote code execution while under the impression that it’s running under the security context of the Filter Management service.

Note that the file must be modified specifically for this purpose. It should also be known that this code uses the credentials of the local service account, which has limited privileges on its current system, but within the network it will have anonymous credentials. With Microsoft’s newest security update this hole is fixed, but what exactly does the update fix?

It’s important to know what the update fixes so we can figure out where the malicious code is attempting to hide. In this case the update fixes a specific vulnerability within the Oracle Outside In libraries by replacing them with a non-vulnerable version.

Now, if an attacker successfully got access to this security hole, what could he do? In this case an attacker would be able to run arbitrary code within the network. The attacker could then do just about anything on the system: install programs; view, change, or delete data; or do anything else that the network offers. Remember that for an attacker to gain access, the user must specifically view the modified file through WebReady Document Viewing. Microsoft just released this update for all systems, as they are all affected (by all I mean the 2007, 2010, and 2013 versions). You need to grab this update as soon as you can in order to protect your system and your data. If you are unsure about whether your system is affected, Microsoft provides a Malicious Software Removal tool for you to determine that.
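
Because the attack path described above depends on a file being opened through WebReady Document Viewing in Outlook Web App, it helps to know which OWA virtual directories have that feature switched on. The following read-only audit is an added example, not code from Microsoft or from the original post; it assumes the Exchange Management Shell with PowerShell 2.0 or later, and `Get-WebReadyExposure` is a hypothetical helper name.

```powershell
# Added example: read-only audit, run from the Exchange Management Shell.
# Get-WebReadyExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-WebReadyExposure {
    [CmdletBinding()]
    param()

    # Get-OwaVirtualDirectory only exists once the Exchange cmdlets are loaded.
    if (-not (Get-Command Get-OwaVirtualDirectory -ErrorAction SilentlyContinue)) {
        throw 'Exchange cmdlets not loaded; run this from the Exchange Management Shell.'
    }

    foreach ($vdir in Get-OwaVirtualDirectory) {
        # WebReady can be enabled separately for public and private logons.
        $public  = [bool]$vdir.WebReadyDocumentViewingOnPublicComputersEnabled
        $private = [bool]$vdir.WebReadyDocumentViewingOnPrivateComputersEnabled

        # "Force first" means attachments are transcoded before any download is offered.
        $forced  = [bool]$vdir.ForceWebReadyDocumentViewingFirstOnPublicComputers -or
                   [bool]$vdir.ForceWebReadyDocumentViewingFirstOnPrivateComputers

        # New-Object -Property keeps this compatible with PowerShell 2.0.
        New-Object PSObject -Property @{
            Server           = $vdir.Server
            VirtualDirectory = $vdir.Name
            OwaVersion       = $vdir.OwaVersion
            PublicEnabled    = $public
            PrivateEnabled   = $private
            ForcedFirst      = $forced
            Exposed          = ($public -or $private)
        }
    }
}

# List every OWA virtual directory, with WebReady-enabled ones first.
Get-WebReadyExposure |
    Sort-Object Exposed -Descending |
    Select-Object Server, VirtualDirectory, OwaVersion, PublicEnabled, PrivateEnabled, ForcedFirst, Exposed |
    Format-Table -AutoSize
```

Any row with `Exposed` set to `True` marks a server where the transcoding path is reachable from OWA, so those are the servers to confirm the update on first.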

Written by Jacob Rede
