Exchange 2003 DoS Attack

Kenneth Spiteri

Kenneth is an Exchange Administrator who loves to share anything he finds interesting with the rest of the community. He also helps with the administration of the site.

  • Published: Mar 14, 2005
  • Category: Security

Problems with folder handling cause the Exchange Information Store service to stop responding.

A problem with moving or removing folders may cause the Exchange Information Store service to stop responding. If exploited, this problem could cause a denial of service; Secunia recently classified it as 'Less Critical'. A patch is available through Microsoft Product Support Services, and a fix is expected in a future service pack.

As Microsoft's Knowledge Base article explains, the problem occurs when a user creates a hierarchy of many nested folders and attempts to delete or move it. To exploit this problem, the user requires access to the mailbox, so an external attacker would first need to obtain authenticated access through some other means. Organizations offering remote access to their store, for example through OWA, are therefore more vulnerable.

References

MS KB891504: When you try to move or to remove a folder that contains many subfolders in Outlook, the Microsoft Exchange Information Store service stops responding, and event 9673 is recorded

Secunia: Microsoft Exchange Server 2003 Folder Handling Denial of Service

Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation