 |
Microsoft
Security Bulletin MS08-039 |
07/08/2008 |
Overview
Microsoft
has released a new security update to fix two vulnerabilities
in Outlook Web Access (OWA) for Microsoft Exchange Server.
Severity
|
|
These vulnerabilities could allow elevation of privilege.
|
Affected Systems
-- Microsoft Exchange Server 2003 SP2
-- Microsoft Exchange Server 2007
-- Microsoft Exchange Server 2007 SP1
Recommendations
The Secure Elements
Security Lab engineers recommend you patch all your affected systems as
soon as possible.
C5 EVM Users
•
Create remediation templates from the following remediations:
- SE-0003944 (MS - MS08-039) Install security update MS08-039
for Microsoft Exchange Server 2003 Service Pack 2 (KB950159)
- SE-0003944 (MS - MS08-039) Install security update MS08-039 for Microsoft Exchange Server 2007 (KB953469)
- SE-0003944 (MS - MS08-039) Install security update MS08-039 for Microsoft Exchange Server 2007 SP1 (KB949870)
and
dispatch them to the appropriate assets.
Non
C5 EVM users
• Download and install
the security update for Windows Domain Name System (DNS)
as
described in Microsoft security
bulletin
MS08-039.
Technical
Details
This security update
resolves two
vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server that could allow elevation of privilege.
Sources
http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1454
Dragos Prisaca
Sr. Security Content
Lead
Secure Elements Security Labs
seclabs@secure-elements.com
©
2008 Secure Elements All Rights Reserved