Friday, June 02, 2006

Security Issues You Need to Know About

I think most of us glance at Microsoft Security Bulletins and count on Windows or Microsoft Update to handle things, but sometimes that's not enough. Having a reasonably secured network is a multi-step process, but even with all precautions in place the threat of hackers is real.

Recently Microsoft published a bulletin - like all the others - numbered MS06-019 (KB 916803) and titled "Vulnerability in Microsoft Exchange Could Allow Remote Code Execution". In fine print it is labeled as "Critical", but we already know that Microsoft Critical Updates cover a broad range of software patches.

Before I tell you why you need this update applied *immediately* to your Microsoft Exchange 2000 or 2003 server, I suggest you go and get it. Otherwise you may join a group of network owners that experience a chain of events that goes a little like this:
  • A user receives a calendar appointment, and it is auto-accepted. Nothing catches it as unusual - after all, it's just a calendar appointment - with a little code in it that exploits a hole in Exchange.
  • The sender of the appointment now has full control of your server - without your knowledge.
  • The sender goes in and does a few things to cover his tracks, like changing your backup jobs so they appear to be running each night without actually backing anything up (for example, changing the job to catalog or index rather than back up).
  • Disables all logging features.
  • Installs various mail server updates.
  • Spams for a while.
  • Formats your server's C drive (erasing most data and killing your server).
  • Leaves you with no server, no data, and no backups.

Can this happen to you? Yes - I've seen it. Can you prevent it? Yes. Go - now - and do your Windows updates. Switch your system to Microsoft Update to get comprehensive protection. Keep in mind you need Microsoft Update to install larger updates to Windows and patches to other Microsoft applications; otherwise you remain an open target for hackers.

This article is based on: http://www.microsoft.com/technet/security/bulletin/MS06-019.mspx

- Karl J.