Exploit Out For Exchange Bug - InformationWeek

12:46 PM

Symantec isn't sure if the Immunity exploit against the Exchange calendar targets the same vulnerability that Microsoft already patched, or if it's an attack against a new zero-day bug.

A security company with vulnerability expertise has released a denial-of-service exploit against Microsoft Exchange's calendar, the same feature patched earlier this week that has analysts worried about a worm, Symantec said Thursday.

Immunity Security, which markets the CANVAS exploit tool, has added the capability to launch a denial-of-service (DoS) attack against Exchange, Microsoft's mail server software, Symantec said in an alert to enterprise customers.

"This closely follows the initial release of the fuzzer targeting the same service," Symantec said. On Wednesday, Immunity unveiled a stress-test tool, a "fuzzer," that hammered on one of the two calendar functions mentioned in Microsoft's MS06-019 security bulletin.

Symantec isn't sure if the Immunity exploit targets the same vulnerability that Microsoft patched, or is an attack against a new zero-day bug.

Because Immunity only releases its exploits to users of the CANVAS framework, Symantec said it was "unlikely" that it would leak to hackers in the near future.

In the past, however, Immunity's development of an exploit has been followed by independent work by hackers. In October 2005, for instance, Immunity released an exploit for a bug patched the previous day by Microsoft; by the end of November, others had come up with their own attacks.

Symantec recommended that companies not only patch the vulnerability fixed in MS06-019, but also apply the workarounds outlined in the bulletin in case the Immunity exploit is aimed at an unpatched problem.
