Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Exploit Out For Exchange Bug

A security company with vulnerability expertise has released a denial-of-service exploit against Microsoft Exchange's calendar, the same feature patched earlier this week that has analysts worried about a worm, Symantec said Thursday.

Immunity Security, which markets the CANVAS exploit tool, has added the capability to launch a denial-of-service (DoS) attack against Exchange, Microsoft's mail server software, Symantec said in an alert to enterprise customers.

"This closely follows the initial release of the fuzzer targeting the same service," Symantec said. On Wednesday, Immunity unveiled a stress-test tool, a "fuzzer," that hammered on one of the two calendar functions mentioned in Microsoft's MS06-019 security bulletin.

Symantec isn't sure if the Immunity exploit targets the same vulnerability that Microsoft patched, or is an attack against a new zero-day bug.

Because Immunity only releases its exploits to users of the CANVAS framework, Symantec said it was "unlikely" that it would leak to hackers in the near future.

  • 1