News
News
5/10/2006
12:24 PM
50%
50%

Hackers Expected To Target Exchange

Security experts are warning users to brace themselves for the imminent arrival of a worm that could wreak havoc with Microsoft Exchange, thanks to a bug in the program.

The bug in Exchange that Microsoft disclosed Tuesday is too juicy a target for hackers to pass up, security companies warned Wednesday, and users should expect to see a worm pop up any time.

Tuesday, Microsoft patched a flaw in Exchange 2000 and Exchange 2003's calendaring function. According to Microsoft's security bulletin, an attacker could exploit the vulnerability simply by sending a specially-crafted e-mail to the server.

Security experts agreed, and highlighted the danger Exchange administrators face.

"The widespread adoption of Microsoft Exchange and its built-in calendar functionality within the enterprise, combined with the unauthenticated remote access nature of the mail service, means that attackers will race to develop exploit material for this vulnerability," said Gunter Ollmann, director of Internet Security Systems' X-Force research team, in a statement.

"What's most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever," added Ollmann.

Ollmann's team has confirmed that crashing Exchange is an easy chore. Worse, firewall best practices aren't an adequate defense.

"We expect to see active exploitation of this issue in the wild with the possibility of a worm," ISS said in its advisory.

Symantec seconded the motion in its own alert to DeepSight Threat Management System customers, but added that a "fuzzer" -- a tool used by both security professionals and hackers to vulnerability-stress test an application -- has already appeared, increasing the danger.

"Immunity [Security] has released an iCal fuzzer to their product partners," read the Symantec warning. "Although it is not known if this fuzzer is capable of triggering the bug addressed by this alert, there is a possibility it will in the future, or may find other unreported vulnerabilities. The fuzzer has been distributed as a module for the CANVAS exploit framework. Given the rapid development of this tool, it is likely that an exploit for this issue will be developed in the near future."

A working exploit could wreak havoc, Symantec added. Armed with one, all an attacker would have to do to compromise a large number of PCs would be to spam the worm to a list of e-mail addresses.

"Furthermore, a sophisticated worm could be created that uses different search engines to harvest addresses dynamically using randomly generated searches to avoid potential address collisions," the Cupertino, Calif.-based security giant concluded.

Symantec tagged the Exchange vulnerability as a "10" in its 1-through-10 scale to indicate the urgency with which administrators should patch their mail servers. Vulnerability tracker Secunia, meanwhile, marked the Exchange bugs as "Highly critical," its second-from-the-top ranking.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.