Hackers Expected To Target Exchange - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:24 PM

Hackers Expected To Target Exchange

Security experts are warning users to brace themselves for the imminent arrival of a worm that could wreak havoc with Microsoft Exchange, thanks to a bug in the program.

The bug in Exchange that Microsoft disclosed Tuesday is too juicy a target for hackers to pass up, security companies warned Wednesday, and users should expect to see a worm pop up any time.

Tuesday, Microsoft patched a flaw in Exchange 2000 and Exchange 2003's calendaring function. According to Microsoft's security bulletin, an attacker could exploit the vulnerability simply by sending a specially-crafted e-mail to the server.

Security experts agreed, and highlighted the danger Exchange administrators face.

"The widespread adoption of Microsoft Exchange and its built-in calendar functionality within the enterprise, combined with the unauthenticated remote access nature of the mail service, means that attackers will race to develop exploit material for this vulnerability," said Gunter Ollmann, director of Internet Security Systems' X-Force research team, in a statement.

"What's most concerning is that exploitation of this vulnerability does not require any user interaction whatsoever," added Ollmann.

Ollmann's team has confirmed that crashing Exchange is an easy chore. Worse, firewall best practices aren't an adequate defense.

"We expect to see active exploitation of this issue in the wild with the possibility of a worm," ISS said in its advisory.

Symantec seconded the motion in its own alert to DeepSight Threat Management System customers, but added that a "fuzzer" -- a tool used by both security professionals and hackers to vulnerability-stress test an application -- has already appeared, increasing the danger.

"Immunity [Security] has released an iCal fuzzer to their product partners," read the Symantec warning. "Although it is not known if this fuzzer is capable of triggering the bug addressed by this alert, there is a possibility it will in the future, or may find other unreported vulnerabilities. The fuzzer has been distributed as a module for the CANVAS exploit framework. Given the rapid development of this tool, it is likely that an exploit for this issue will be developed in the near future."

A working exploit could wreak havoc, Symantec added. Armed with one, all an attacker would have to do to compromise a large number of PCs would be to spam the worm to a list of e-mail addresses.

"Furthermore, a sophisticated worm could be created that uses different search engines to harvest addresses dynamically using randomly generated searches to avoid potential address collisions," the Cupertino, Calif.-based security giant concluded.

Symantec tagged the Exchange vulnerability as a "10" in its 1-through-10 scale to indicate the urgency with which administrators should patch their mail servers. Vulnerability tracker Secunia, meanwhile, marked the Exchange bugs as "Highly critical," its second-from-the-top ranking.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll