How very bland. I'm still left wanting more details. The original security report doesn't specifically call out an OWA vuln, so I'm wondering how the victim screwed up. Probably something really basic, but no way to tell at this point.
Even so, thank you Michael. Kurt On Wed, Oct 7, 2015 at 10:11 AM, Michael B. Smith <[email protected]> wrote: > The Exchange Team’s response, hot off the presses: > > > > > http://blogs.technet.com/b/exchange/archive/2015/10/07/no-new-security-vulnerability-in-outlook-web-access-owa.aspx > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Andrew S. Baker > *Sent:* Wednesday, October 7, 2015 12:03 PM > *To:* ntsysadm > *Cc:* [email protected] > *Subject:* Re: [NTSysADM] RE: [Exchange] So, how did they plant the > malware? > > > > This is absolutely a "need more info" type of scenario. > > > > Nothing in the article begins to hint at an actual OWA weakness, in any > event. > > > > > > > > *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> > *Providing Virtual CIO Services (IT Operations & Information Security) for > the SMB market…* > > * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A > > > > On Wed, Oct 7, 2015 at 11:37 AM, Michael B. Smith <[email protected]> > wrote: > > We've been discussing this on a couple of closed lists. Long-story short - > insufficient data at this time. > > The wording of the story is also of some concern. "Outlook mailserver"? > Not Exchange? > > Also, how was the DLL injected? Was the server already compromised? If so, > game over and it isn't OWA's fault. > > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Kurt Buff > Sent: Wednesday, October 7, 2015 11:32 AM > To: [email protected]; ntsysadm > Subject: [Exchange] So, how did they plant the malware? > > The article is short on details, and so is the security firm's PDF. > Very scary, but nothing in the way of actionable intelligence, AFAICT > http://arstechnica.com/security/2015/10/new-outlook-mailserver-attack-steals-massive-number-of-passwords/ > > >
