Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Worm Could Wreck Exchange

The bug in Exchange that Microsoft disclosed Tuesday is too juicy a target for hackers to pass up, security companies warned Wednesday, and users should expect to see a worm pop up any time.

Tuesday, Microsoft patched a flaw in Exchange 2000 and Exchange 2003's calendaring function. According to Microsoft's security bulletin, an attacker could exploit the vulnerability simply by sending a specially-crafted e-mail to the server.

Security experts agreed, and highlighted the danger Exchange administrators face.

"The widespread adoption of Microsoft Exchange and its built-in calendar functionality within the enterprise, combined with the unauthenticated remote access nature of the mail service, means that attackers will race to develop exploit material for this vulnerability," said Gunter Ollmann, director of Internet Security Systems' X-Force research team, in a statement.

"What's most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever," added Ollmann.

  • 1