Microsoft Issues Exchange Sharepoint Related Security Advisory
August 24, 2012
Possible a first in the industry, Microsoft Security Research Center published Microsoft Security Advisory (2737111), which describes how possible vulnerabilities in Oracle Outside In libraries affect the WebReady Document Viewing functionality of Microsoft Exchange and FAST Search Server. Oracle also released their own Critical Patch Update Advisory. Here are more details about the security risk:
“The vulnerabilities exist due to the way that files are parsed by the third-party, Oracle Outside In libraries. In the most severe case of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010, it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file. An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do.”
If you think you may be affected by this, look at this blog post that recommends the workarounds to be done.
Take note that there are 24 other companies – some of them industry giants – that also make use of the said Oracle library. Some of them are IBM, Cisco, Symantec, and McAfee. Hopefully, these companies will soon be able to assess the impact of the said vulnerability on their platforms and issue a security update soon.
Lauren Llamanzares, August 24, 2012
Sponsored by ArnoldIT.com, developer of Augmentext