We've been discussing this on a couple of closed lists. Long-story short - insufficient data at this time.
The wording of the story is also of some concern. "Outlook mailserver"? Not Exchange? Also, how was the DLL injected? Was the server already compromised? If so, game over and it isn't OWA's fault. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff Sent: Wednesday, October 7, 2015 11:32 AM To: [email protected]; ntsysadm Subject: [Exchange] So, how did they plant the malware? The article is short on details, and so is the security firm's PDF. Very scary, but nothing in the way of actionable intelligence, AFAICT http://arstechnica.com/security/2015/10/new-outlook-mailserver-attack-steals-massive-number-of-passwords/
