Security Update for Exchange Server 2003 SP2 (KB950159)

So we have a KB, Download and a Security Bulletin ;-) 

NOTE: This also affects Exchange 2007, but is included in RU3 for Exchange 2007 SP1 and RU7 for Exchange 2007 RTM


This update addresses the Microsoft Exchange Server vulnerability addressed in the Microsoft Security Bulletin MS07-026.

MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server could allow elevation of privilege

Microsoft Security Bulletin MS08-039 – Important

Executive Summary
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the validation of HTTP session data within OWA. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation.  Microsoft recommends that customers apply the update at the earliest opportunity.
Known Issues.  Microsoft Knowledge Base Article 953747 documents the currently known issues that customers may experience when installing this security update

Affected Software
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 Service Pack 1

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.