Microsoft is investigating a potential security issue with Exchange Server 2003, which would be the first since the e-mail server was launched last month.
The potential flaw lies in the Outlook Web Access (OWA) component of Exchange Server 2003. A network administrator at a Nashville, Tennessee, provider of investment performance reporting tools found that users logging in to OWA could be logged in to another user's mailbox at random and have full access privileges.
"This seems to be a major security flaw and we have had to shut off OWA indefinitely because of the issue," the network administrator wrote in a posting to NTBugtraq, a well-known security mailing list.
A preliminary investigation by Microsoft indicated that the issue occurs only with Kerberos authentication disabled, which the vendor said is uncommon. "We recommend that our customers ensure that Kerberos authentication is enabled, which is the default configuration," Microsoft said in a statement Friday.
News source: Infoworld.com
SuSE affirmed Friday that SCO Group's threat against Novell would not affect the company's plans to buy SuSE. To the contrary, SuSE has been a partner with SCO Group as part of UnitedLinux, Geck says. "Also, doesn't SCO have to be selling something for Novell to compete?"
Both SuSE and Red Hat have expressed annoyance at SCO for the time they've had to spend assuring their customers that SCO's claims have yet to be proven. In August, Red Hat filed a formal complaint against SCO in Delaware's U.S. District Court seeking "declaratory judgment" that Red Hat Linux does not infringe any copyright owned by SCO and seeking money for harm caused by SCO's public-relations campaign against Linux.
Geck says he sympathizes with Red Hat's position. "Users are afraid, just from the cost of possibly having to defend a lawsuit," he says.

"Experience the enhanced security, increased productivity, and integrated mobility features."
New enhanced features like being able to randomly check and edit other people's mail
Currently the single flaw doesn't seem like much alone
Who cares? The point is, how many people are doing that? Not many.
Oh REALLY? OK, smart guy, give me even ONE way to do this with Windows 200x - just one will do... Because your claim basically says, "I can disable all security on any box without effort and my method has lain undiscovered for 10 years" Impress us...
Meanwhile, sure, looks like there could be a vulnerability in some MS software that has a significant part of its DEFAULT security disabled on purpose. Wow, that could never happen in any other OS...
I don't think he did claim anything.. they were all questions!
PEACE!