MS08-039: Which users are vulnerable to the OWA XSS vulnerability?

This makes an interesting read. Found it up on the Security Vulnerability Research & Defense Blog.


Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component.  While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk.  We’d like to explain a little more about the vulnerability so that you can determine whether you or your organization are at risk.

OWA has two modes: OWA Light (or OWA Basic for Exchange 2003), and OWA Premium. In short, if OWA Light/Basic is used, you are vulnerable to the XSS vulnerability. You can tell whether OWA Light is used via the “Use Outlook Web Access Light” check box in OWA’s logon screen.
