Microsoft Exchange Server Multiple Vulnerabilities

Last Update Date: 9 Sep 2015 16:33 Release Date: 9 Sep 2015

RISK: Medium Risk

TYPE: Servers - Other Servers

1. An information disclosure vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could discover stack trace details.

To exploit the vulnerability, an attacker would have to create a specially crafted web application request and then submit it to a web application. The security update addresses the vulnerability by correcting how Microsoft Exchange OWA handles web requests.

Microsoft received information about the vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

2. Spoofing vulnerabilities exist in Microsoft Exchange Server when OWA does not properly sanitize specially crafted email. An authenticated attacker could exploit the vulnerabilities by sending a specially crafted email to a user. An attacker could then perform HTML injection attacks on affected systems, and attempt to trick the user into disclosing sensitive information.

To exploit the vulnerabilities, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user via OWA in an attempt to convince the user to click it.

In a web-based attack scenario, an attacker could host a malicious website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the malicious website. The attacker would have to convince the user to visit the malicious website, typically by enticing the user to click a link in either an instant messenger or email message that takes the user to the attacker's malicious website, and then convince the user to interact with content on the malicious website.

The security update addresses the vulnerabilities by helping to ensure that OWA properly sanitizes email content.


Impact

  • Information Disclosure

System / Technologies affected

  • Exchange Server 2013

Solutions

Before installing the software, please visit the software vendor's website for more details.

  • The vendor has provided an update

Vulnerability Identifier

Source

Related Link