Exchange admins you will have your hands full, especially if you are running your own RIM/Blackberry Enterprise Server. Please read the earlier entry by Johannes for details on the "gotcha" there. This vulnerability allows for remote code execution and is critical that it be patched. Here are the details as reported by Microsoft:
Maximum Severity Rating: Critical
Micosoft recommends two work arounds for this vulnerability. Keep in mind that these work arounds can break other required functionality and cause you lots of pain. Patching is the recommended solution.
1. Require authentication for connections to a server that is running Microsoft Exchange Server for all client and message transport protocols.
2. Block iCal/vCal on Microsoft Exchange Server to help protect against attempts to exploit this vulnerability through SMTP e-mail.
EXCDO and CDOEX functionality provided with Exchange server does not properly process certain iCAL and vCAL properties provided in email messages. Collaboration Data Objects for Exchange (CDOEX) and Exchange Collaboration Data Objects (EXCDO) are interfaces that allow for certain types of information to be processed in the Exchange store. Virtual Calendar (vCAL) and Internet Calendar (iCAL) is a MIME content type used by Microsoft Exchange Server and email clients when sending and exchanging information related to calendars and scheduling.
In short, when the exchanger server receives a message that contains specially crafted properties for vCAL and iCAL, it allows for execution of code on the exchange server.
May 9th 2006
1 decade ago