{"id":2312,"date":"2003-11-26T00:00:00","date_gmt":"2003-11-26T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2003\/11\/26\/microsoft-user-differ-on-details-of-exchange-2003-flaw\/"},"modified":"2021-12-30T11:41:03","modified_gmt":"2021-12-30T11:41:03","slug":"microsoft-user-differ-on-details-of-exchange-2003-flaw","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2003\/11\/26\/microsoft-user-differ-on-details-of-exchange-2003-flaw\/","title":{"rendered":"Microsoft, user differ on details of Exchange 2003 flaw"},"content":{"rendered":"<p>A network administrator apparently has stumbled upon a serious security hole in Outlook Web Access, a component of Exchange Server 2003 that lets users access their e-mail accounts online.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Users have the ability to interact with other people&#8217;s mailboxes and can send, receive and read messages, as well as open and manipulate Outlook folders.<\/p>\n<p>Microsoft has given the administrator &#8212; who has requested anonymity for himself and his company &#8212; a patch, and the company says the vulnerability exists only in certain configurations.<\/p>\n<p>The admin said that, three months ago, his team had upgraded two front-end and back-end servers to Windows Server 2003 and Exchange Server 2003.  
Shortly after the upgrade, users randomly began reporting that they were being logged on to other people&#8217;s mailboxes with full privileges.<\/p>\n<p>Microsoft released a statement late last week about this situation, and the company said the security issue occurs only if Kerberos authentication is disabled.<\/p>\n<p>More info: http:\/\/searchsecurity.techtarget.com\/originalContent\/0,289142,sid14_gci938649,00.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2312","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2312"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2312\/revisions"}],"predecessor-version":[{"id":4799,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2312\/revisions\/4799"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/w
p-json\/wp\/v2\/categories?post=2312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}