Ooops! Sorry, just now spotted the earlier post with the same info.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Trent Hancock
Sent: Wednesday, November 26, 2003 12:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Microsoft investigates possible Exchange 2003 flaw

Note the following post from the Exchange list hosted by Sunbelt Software.

-----Original Message-----
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 7:46 AM
To: MS-Exchange Admin Issues
Subject: RE: Security Issue in Exchange 2003

Turns out to be a bit more complicated than that. But it is relevant to a couple of pretty specific configurations.

HTTP connection re-use with ISA seems to be where the randomness comes from, and the authentication/access error comes from Kerberos being disabled when Sharepoint gets installed.

From another group, again:

Here is a workaround posted in SBS newsgroup by Chad A Gross [SBS-MVP] http://support.microsoft.com/?id=832749 that apparently fixes the problem.

There is another issue if you have Exchange 2003 + Sharepoint Services 2003 + Windows Server 2003 installed on the same machine. Apparently Kerberos auth protocol gets turned off on IIS. Workaround is documented in http://support.microsoft.com/?id=832769

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, November 25, 2003 7:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Microsoft investigates possible Exchange 2003 flaw

:-)

Al,

I think you missed the key point in the message - the sarcasm over the entire issue. I had hoped that the raging, stupid statement about 'a huge, gaping..' blah, blah and the Dennis Miller quip tipped everyone off to my wry humor. Pardons if I led you astray.

Personally, and truthfully, I think it's a crock that has been blown way out of proportion by a media that is always looking for the sensational and found it in a completely difficult to reproduce, if at all, unsupported configuration.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, November 25, 2003 8:13 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Microsoft investigates possible Exchange 2003 flaw

Is it? What are the details that surround this "flaw"? The press release says that he disabled Kerberos. What are they talking about there in his case? He disabled it for IIS? He disabled it for..? How do the casual observers recreate the problem to verify if it's even an issue to the rest of us commoners?

Al

-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 11:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Microsoft investigates possible Exchange 2003 flaw

Steve,

Thanks for bringing this up. I've known about this issue for a bit of time (~5 days), and I think you're being kind saying it's a potential flaw. IMNSHO, it's a really huge, gaping, festering wound that one could drive a Peterbilt through.

But, I could be wrong..... ;o)

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Monday, November 24, 2003 4:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Microsoft investigates possible Exchange 2003 flaw

I thought that the group might be interested in this.

The potential flaw lies in the Outlook Web Access (OWA) component of Exchange Server 2003. A network administrator at a Nashville, Tenn., provider of investment performance reporting tools found that users logging in to OWA could be logged in to another user's mailbox at random and have full access privileges.

http://www.nwfusion.com/news/2003/1121microinves2.html?nl

Sincerely,
Steve

*****************************************
Steve Shaff
Active Directory / Exchange Administrator
Corillian Corporation
(W) 503.629.3538
(C) 503.807.4797
(F) 503.629.3674

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
