Microsoft Exchange Patch Conflicts With BlackBerry, GoodLink - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
5/10/2006
03:08 PM
50%
50%

Microsoft Exchange Patch Conflicts With BlackBerry, GoodLink

The patch, released this week, eliminates a default privilege allowing users with full access to a mailbox to send mail as if they were the owner of that mailbox.

One of the three security bulletins Microsoft released this week for Exchange could cause problems for Blackberry and GoodLink users.

Microsoft released a patch for Exchange 2003 SP1 called MS06-019 that includes a configuration change that eliminates a default privelege granting any users with "full mailbox access" permission to "Send As" the mailbox owner.

Microsoft claims customers asked that "Send As" permission be separated from the "Full Mailbox Access" permission to deter email spoofing and ensure that e-mails sent by a delegate are distinguished from message sent by the real mailbox owner.

The change to the Exchange configuration may cause issues for Blackberry Enterprise Server and Good Technology's GoodLink Wireless Messaging, Microsoft security experts said during its monthly security call Wednesday.

According to the Microsoft knowledgebase, users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 and Exchange Server 2003.

The news comes as Microsoft holds its annual Mobile & Embedded Developers Conference in Las Vegas. Microsoft now competes against Blackberry Enterprise Server and GoodLink.

"Once you apply the update, users can't send mail on behalf of another user and in knowledgebase [KB]article 912918 we talk about applications that might be affected," said Christopher Budd, a security program manager for Microsoft. "Blackberry is one of the products that may be affected."

Microsoft also cited Good Technology's GoodLink wireless messaging in its list of known third-party product conflicts with MS06-019.

Microsoft also posted two knowledge base (KB) articles about the "send as" change [KB 895949] and has made available a script that offers configuration changes to those users that might be affected.

The configuration change was included in an Exchange 2000 hotfix that went out earlier this year.

During the monthly security briefing, Microsoft also said it has decided to switch from PGP (Prett Good Privacy) to S-MIME standard for e-mail security in the future.

Microsoft also warned users that it will end security support for Windows 98/SE/Millenium on July 11 and for Windows XP SP1 on Oct. 10.

On December 6, 2006 Microsoft will end security updates for Software Update Services 1.0 patch management software.

Microsoft advised customer to start upgrading to Windows XP SP2 and Windows Server Update Services 2.0, which replaced SUS.

Security companies said partners and customers running third-party applications including the two mobile software servers should begin testing the Exchange 2003 SP1 patch throughly.

"IT admins need to test the critical patches in their respective environments to ensure there are no disruptions to their environment before deploying them across the entire network," said Chris Andrew, vice president of security technologies at PatchLink.

Still, Symantec urges partners and customers to deploy the update -- considered the most severe vulnerability in the May release.

This vulnerability could provide an attacker with an opportunity to execute code remotely on a Microsoft Exchange server by sending an e-mail with malicious calendar properties, according to a statement issued by Symantec.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Commentary
The Best Way to Get Started with Data Analytics
John Edwards, Technology Journalist & Author,  7/8/2020
Slideshows
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
News
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll