The Internet Security Systems has warned of a possible worm attack due to a vulnerability in the Microsoft Exchange calendar feature. According to ISS, the vulnerability can be exploited by a hacker sending a specially designed email to the server.


The Internet Security Systems has warned of a possible worm attack due to a vulnerability in the Microsoft Exchange calendar feature. According to ISS, the vulnerability can be exploited by a hacker sending a specially designed email to the server.

Gunter Ollmann, director of ISS’ X-Force® research and development team, said: “The widespread adoption of Microsoft Exchange and its built-in calendar functionality within the enterprise, combined with the unauthenticated remote access nature of the mail service, means that attackers will race to develop exploit material for this vulnerability.

What is most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever.” [Source]

Microsoft Security Bulletin has issued an advisory about the vulnerability.

According to the bulletin, a hacker can send a specially crafted email to the Microsoft Exchange server and cause Denial of Service or execute arbitary code. The message need not be read by the recipient to cause the malfunction.

For more information on this vulnerability, click here.

For Microsoft Security Bulletin’s advisory on this vulnerability, click here.

 

 

 

 

Sharing is caring