So we have a KB, Download and a Security Bulletin ;-)
NOTE: This also affects Exchange 2007, but is included in RU3 for Exchange 2007 SP1 and RU7 for Exchange 2007 RTM
This update addresses the Microsoft Exchange Server vulnerability addressed in the Microsoft Security Bulletin MS07-026.
MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server could allow elevation of privilege
http://support.microsoft.com/kb/953747
Microsoft Security Bulletin MS08-039 – Important
http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx
Executive Summary
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.
Known Issues. Microsoft Knowledge Base Article 953747 documents the currently known issues that customers may experience when installing this security update
Affected Software
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 Service Pack 1
flaphead.com 