I'm a bit surprised there hasn't been more news covering this one yet, but if you haven't seen the latest security updates from MS, there was a fix posted this week for MS Exchange 2000, 2003 and 2007 with regard to how they handle RTF (rich text format) messages.
http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx
In short summation - a client machine could open (or simply preview) a specially formatted RTF message, and that could allow any manner of code to be run against the Exchange server with "service" level permissions.
The potential ramifications of this security issue is rather stunning. If you haven't updated your exchange servers yet, you really really should before this starts getting exploited.
Lan
Thursday, February 12, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment