Microsoft just released details and fixes for four vulnerabilities affecting Exchange versions 2000, 2003 and 2007. The vulnerability classification varies from Important to Critical, demanding immediate action.
Exchange 2000 is the most exposed, being affected by all four vulnerabilities. Exchange 2003 and 2007 are exposed to three and two of the vulnerabilities respectively.
The most serious of the four is the MIME Decoding Vulnerability. This is classified as Critical and exposes all three Exchange versions to the risk of remote code execution. Potentially, an attacker could take control of an affected system by simply sending an email containing the exploit code. As a possible workaround, Microsoft suggests allowing only authenticated connections, thus blocking anonymous attacks. However, this is very often not feasible, which leaves applying the fix immediately as the only option.
Another vulnerability affecting all three Exchange versions is the Malformed iCal Vulnerability. Classified as Important, this may cause denial of service. Again, all an attacker needs to do is send the exploit by email. Following that, Exchange stops responding to user requests until the Information Store is restarted.
The Outlook Web Access Script Injection Vulnerability only affects Exchange versions 2000 and 2003. This time the exploit must be sent as an email attachment and opened from OWA. The exploit could then steal information, potentially leading to the disclosure of sensitive data. The fact that a user must manually open the attached exploit is certainly an important mitigating factor in this case.
Finally, Exchange 2000 could also be vulnerable to the IMAP Literal Processing Vulnerability. An attacker could carry out a denial of service attack by sending an IMAP command to an Exchange 2000 server. Following that, the email service stops responding until the IIS Admin service is restarted. Clearly, this vulnerability is only relevant to Exchange 2000 servers exposing the IMAP service.
The bulletin states that all vulnerabilities were disclosed privately and no exploits are known to be in the wild. However, I will add that one can never be sure in this regard and applying the patches should be given top priority.
For complete details and fixes, please refer to the original bulletin in the References section.
References
Microsoft Security Bulletin MS07-026