|
May 2006
Microsoft on Tuesday released a security update which addresses a critical flaw in its Exchange e-mail server
This critical vulnerability in Microsoft Exchange could allow
an attacker to send a specially crafted e-mail message to a
Microsoft Exchange Server and cause either a denial of service
condition or potentially gain full control of the system.
Given the potential magnitude of this vulnerability and the
potential impact to your systems, over the next few days,
EveryNetwork will be assigning a high priority to either the
on-site or remote installation of software patches to vulnerable
customer Exchange server(s).
More details about the vulnerability are listed below:
The Vulnerability
- A message sent to a vulnerable Exchange server as a
specially-formatted calendar item could allow a hacker to
take control of the server.
- Current versions of anti-virus software do not, at this
time, offer protection against this vulnerability and it is
uncertain if future versions of anti-virus software will
offer this feature.
- No user interaction is required for the exploit -- a
message just needs to arrive at the vulnerable Exchange
server.
- While no known exploits for this vulnerability currently
exist, one could appear at any time.
The Fix
- The fix will require a brief downtime of the Exchange
server while the patch is applied. It is anticipated to be
2-15 minutes. We will work with your office to schedule an
appropriate time.
- Additionally, Exchange server customers running
Blackberry and Good servers will require some minor
configuration adjustments to work with the modified Exchange
server.
More details on the vulnerability can be found online at:
http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx
Microsoft releases security patches every month. The
EveryNetwork team reviews and applies these patches in a timely
manner without any special alerts to our customers. However, the
nature of this particular vulnerability is an extremely high
priority which is why EveryNetwork is taking this extra step to
notify our customers and very quickly put the patch in place.
As always, EveryNetwork takes the security of your office
network very seriously. We will continue to monitor industry
sources to make sure your systems are running the most
up-to-date system updates and patches.
About EveryNetwork
EveryNetwork, founded in 1996 and headquartered in Waltham,
MA, is a Network Lifecycle Management company that
specializes in solving the tough IT problems for high
velocity, communications-intensive companies. The company
works with leading venture capitalist and private equity
firms, as well as biotech, legal, management consulting and
high technology companies—organizations that rely heavily on
their communications infrastructure. In order to service key
markets on the east and west coasts, EveryNetwork has
locations in the Boston, San Francisco and New York
metropolitan areas.
Contact
Jonathan Pace
EveryNetwork
781-647-2262
jpace@EveryNetwork.com
|
