
MS06-019 Critical Fix Brings Changes in Granting of Mailbox Access

Kenneth Spiteri


Kenneth is an Exchange Administrator who loves to share anything he finds interesting with the rest of the community. He also helps with the administration of the site.

  • Published: May 10, 2006
  • Category: Security

The MS06-019 critical fix demands immediate action. Blocking the danger of remote code execution must take the highest priority. Nevertheless, extra care is required, as the update also brings important changes in the granting of mailbox access.

Microsoft just released the MS06-019 security bulletin, disclosing the existence of a remote code execution vulnerability in Exchange 2000 and 2003.

The vulnerability is rated as Critical. It may be exploited anonymously through the submission of a specially crafted message. A successful attacker could take control of the affected system.

Based on the bulletin details, the problem originates from the handling of iCard and vCard MIME content types. So far, there are no exploits or proof-of-concept code in the wild. Nevertheless, now that the existence of the vulnerability is public, malware developers are likely to look for ways to deliver an exploit.

Apart from eliminating the vulnerability, the fix also changes how mailbox access rights are granted. This concerns the permission necessary for sending emails on behalf of another mailbox owner. As highlighted in an earlier article, the change may lead to mailbox access problems.

This important change was announced a few months ago. Now, with MS06-019, there is little choice other than moving ahead with the update. In this manner, both the vulnerability fix and the changes in mailbox access are deployed. Microsoft released a very detailed KB article (see references) explaining the changes and how to resolve any consequent loss in mailbox access. Consult it to ensure a smooth adoption of this fix.

References

Microsoft Security Bulletin MS06-019

Changes in Mailbox Access Rights May Stop Exchange Applications

Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003

Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation