The Exchange Team’s response, hot off the presses: http://blogs.technet.com/b/exchange/archive/2015/10/07/no-new-security-vulnerability-in-outlook-web-access-owa.aspx
From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker Sent: Wednesday, October 7, 2015 12:03 PM To: ntsysadm Cc: [email protected] Subject: Re: [NTSysADM] RE: [Exchange] So, how did they plant the malware? This is absolutely a "need more info" type of scenario. Nothing in the article begins to hint at an actual OWA weakness, in any event. ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market… GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Wed, Oct 7, 2015 at 11:37 AM, Michael B. Smith <[email protected]<mailto:[email protected]>> wrote: We've been discussing this on a couple of closed lists. Long-story short - insufficient data at this time. The wording of the story is also of some concern. "Outlook mailserver"? Not Exchange? Also, how was the DLL injected? Was the server already compromised? If so, game over and it isn't OWA's fault. -----Original Message----- From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Kurt Buff Sent: Wednesday, October 7, 2015 11:32 AM To: [email protected]<mailto:[email protected]>; ntsysadm Subject: [Exchange] So, how did they plant the malware? The article is short on details, and so is the security firm's PDF. Very scary, but nothing in the way of actionable intelligence, AFAICT http://arstechnica.com/security/2015/10/new-outlook-mailserver-attack-steals-massive-number-of-passwords/
