Microsoft Exchange Patch Conflicts With BlackBerry, GoodLink - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:08 PM

Microsoft Exchange Patch Conflicts With BlackBerry, GoodLink

The patch, released this week, eliminates a default privilege allowing users with full access to a mailbox to send mail as if they were the owner of that mailbox.

One of the three security bulletins Microsoft released this week for Exchange could cause problems for Blackberry and GoodLink users.

Microsoft released a patch for Exchange 2003 SP1 called MS06-019 that includes a configuration change that eliminates a default privelege granting any users with "full mailbox access" permission to "Send As" the mailbox owner.

Microsoft claims customers asked that "Send As" permission be separated from the "Full Mailbox Access" permission to deter email spoofing and ensure that e-mails sent by a delegate are distinguished from message sent by the real mailbox owner.

The change to the Exchange configuration may cause issues for Blackberry Enterprise Server and Good Technology's GoodLink Wireless Messaging, Microsoft security experts said during its monthly security call Wednesday.

According to the Microsoft knowledgebase, users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 and Exchange Server 2003.

The news comes as Microsoft holds its annual Mobile & Embedded Developers Conference in Las Vegas. Microsoft now competes against Blackberry Enterprise Server and GoodLink.

"Once you apply the update, users can't send mail on behalf of another user and in knowledgebase [KB]article 912918 we talk about applications that might be affected," said Christopher Budd, a security program manager for Microsoft. "Blackberry is one of the products that may be affected."

Microsoft also cited Good Technology's GoodLink wireless messaging in its list of known third-party product conflicts with MS06-019.

Microsoft also posted two knowledge base (KB) articles about the "send as" change [KB 895949] and has made available a script that offers configuration changes to those users that might be affected.

The configuration change was included in an Exchange 2000 hotfix that went out earlier this year.

During the monthly security briefing, Microsoft also said it has decided to switch from PGP (Prett Good Privacy) to S-MIME standard for e-mail security in the future.

Microsoft also warned users that it will end security support for Windows 98/SE/Millenium on July 11 and for Windows XP SP1 on Oct. 10.

On December 6, 2006 Microsoft will end security updates for Software Update Services 1.0 patch management software.

Microsoft advised customer to start upgrading to Windows XP SP2 and Windows Server Update Services 2.0, which replaced SUS.

Security companies said partners and customers running third-party applications including the two mobile software servers should begin testing the Exchange 2003 SP1 patch throughly.

"IT admins need to test the critical patches in their respective environments to ensure there are no disruptions to their environment before deploying them across the entire network," said Chris Andrew, vice president of security technologies at PatchLink.

Still, Symantec urges partners and customers to deploy the update -- considered the most severe vulnerability in the May release.

This vulnerability could provide an attacker with an opportunity to execute code remotely on a Microsoft Exchange server by sending an e-mail with malicious calendar properties, according to a statement issued by Symantec.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
Register for InformationWeek Newsletters
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll