This month's Security Tuesday only includes one bulletin: 04-026. It fixes a cross-site scripting/script injection vulnerability in Exchange 5.5's Outlook Web Access component. If you're using OWA 5.5, a) you should get this fix and b) you should probably be upgrading.
That's not just because I like new shiny things; it's because OWA 2000 and 2003 have a number of security features that either require third-party add-ons or can't be implemented at all in 5.5. Attachment blocking, freedoc control, and support for S/MIME are my three favorites, but chapter 14 of my book discusses all of the new features in much more detail.
That's not just because I like new shiny things; it's because OWA 2000 and 2003 have a number of security features that either require third-party add-ons or can't be implemented at all in 5.5. Attachment blocking, freedoc control, and support for S/MIME are my three favorites, but chapter 14 of my book discusses all of the new features in much more detail.
Posted by Paul at August 10, 2004 01:25 PMTrackBack URL for this entry:
http://www.robichaux.net/cgi-bin/mt-my-tb.cgi/1060
Listed below are links to weblogs that reference Security Tuesday: new vuln in OWA 5.5:
» Exchange 5.5 related Security Bulletin - 04-026 from You Had Me At EHLO...
TITLE: Exchange 5.5 related Security Bulletin - 04-026
URL: #
IP: 66.129.67.203
BLOG NAME: You Had Me At EHLO...
DATE: 08/10/2004 02:22:56 PM [Read More]
» Exchange 5.5 related Security Bulletin (04-026) from You Had Me At EHLO...
TITLE: Exchange 5.5 related Security Bulletin (04-026)
URL: #
IP: 66.129.67.202
BLOG NAME: You Had Me At EHLO...
DATE: 08/10/2004 02:24:13 PM [Read More]