Subscribe to our Newsletter. The latest news and articles delivered to your Inbox!
Kenneth is an Exchange Administrator who loves to share anything he finds interesting with the rest of the community. He also helps with the administration of the site.
Problems with folder handling cause the Exchange Information Store service to stop responding.
A problem with moving or removing folders may cause the Exchange Information Store service to stop responding. This problem if exploited could cause denial of service and was recently classified by Secunia as 'Less Critical'. A patch is available through Microsoft Product Support Services and a fix is expected in a future service pack.
As Microsoft's Knowledge Base article explains the problem is caused if a user creates a hierarchy of many nested folders and attempts to delete or move it. For this problem to be exploited the user requires access to the mailbox. Hence an external attacker would first need to obtain authenticated access through some other means. Organizations offering remote access to their store, through OWA say, are therefore more vulnerable.
MS KB891504: When you try to move or to remove a folder that contains many subfolders in Outlook, the Microsoft Exchange Information Store service stops responding, and event 9673 is recorded
Secunia: Microsoft Exchange Server 2003 Folder Handling Denial of Service
Add New Comment...