This is absolutely a "need more info" type of scenario. Nothing in the article begins to hint at an actual OWA weakness, in any event.
ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…
GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A

On Wed, Oct 7, 2015 at 11:37 AM, Michael B. Smith <[email protected]> wrote:
> We've been discussing this on a couple of closed lists. Long-story short -
> insufficient data at this time.
>
> The wording of the story is also of some concern. "Outlook mailserver"?
> Not Exchange?
>
> Also, how was the DLL injected? Was the server already compromised? If so,
> game over and it isn't OWA's fault.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: Wednesday, October 7, 2015 11:32 AM
> To: [email protected]; ntsysadm
> Subject: [Exchange] So, how did they plant the malware?
>
> The article is short on details, and so is the security firm's PDF.
> Very scary, but nothing in the way of actionable intelligence, AFAICT
> http://arstechnica.com/security/2015/10/new-outlook-mailserver-attack-steals-massive-number-of-passwords/
