MS Exchange 5.5 Spoofing Flaw Fixed

A security vulnerability in Microsoft’s Exchange
Server 5.5 Outlook Web Access could put users at risk of cross-site
scripting and spoofing attacks, the software giant warned on Tuesday.

As part of its August cycle of software updates, Microsoft released the
moderately critical MS04-026 patch
and re-released the MS04-020 bulletin
to address a new issue in Microsoft Interix.

The Exchange Server 5.5 flaw, which was reported by research firm Sanctum, resolves a software flaw
that could allow an attacker to convince a user to run a malicious script.

“An attacker who successfully exploited the vulnerability could manipulate
Web browser caches and intermediate proxy server caches, and put spoofed
content in those caches,” Microsoft said. They may also be able to exploit the vulnerability
to perform cross-site scripting attacks.”

The bug only affects Microsoft Exchange Server 5.5 SP4 and the Outlook
Web Access component.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web