Archive | August 11, 2004

Microsoft Security Bulletins

Microsoft released their monthly securty bulletins identifying yet another cross-site scripting error, this time with the beleagured Outlook Web Access (OWA) in Exchange 5.5. OWA has a long history of issues. I don’t think that exposing Exchange via an HTML interface is a good idea. SMTP and POP with authentication, SSL, passwords and perhaps VPNs offer a far more secure way for clients to access Exchange remotely. Better yet, find a secure mail server. for more details.

The second email I got was a “re-release” of MS04-020 showing that more products are affected. If you are running INTERIX 2.2 (what’s that?), you’ll want to review the bulletin at

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.