Microsoft Fixes Exchange Server Flaw

Its regular monthly security update patches a "moderate" flaw in Outlook Web Access for Microsoft Exchange Server 5.5.

George V. Hulme, Contributor

August 10, 2004

1 Min Read
InformationWeek logo in a gray background | InformationWeek

Microsoft released its security bulletin for August. The software maker Tuesday issued Microsoft Security Bulletin MS04-026, which addresses a "moderate" flaw in Outlook Web Access for Microsoft Exchange Server 5.5.

The flaw is what's known as a cross-site scripting and spoofing vulnerability, which makes it possible for an attacker to trick a user into running a malicious script on a victim's system. According to Microsoft's bulletin, if successful, an attacker could manipulate a Web browser and certain proxy server caches to place content of his or her choice within those Internet caches.

In its bulletin, Microsoft warns that users who created customized ASP pages should back up those pages before applying the update. Applying the update will overwrite the customized pages.

The Microsoft security bulletin is available here.

About the Author

George V. Hulme

Contributor

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights