Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft Outlook Web Access Crafted POST Request Elevation of Privilege Vulnerability

Subscribe

Check Point Reference: CPAI-2010-268
Date Published:
Severity:
Source: Microsoft Security Advisory (2401593)
Industry Reference(s): CVE-2010-3213
Protection Provided by: Security Gateway
  • R71
  • R70
Who is Vulnerable?
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2007 SP1
Microsoft Exchange Server 2007 SP2
Vulnerability Description
An elevation of privilege vulnerability was reported in Microsoft Outlook Web Access. Outlook Web Access (OWA) is a webmail service of Microsoft Exchange Server 5.0 and later. The web interface of OWA resembles the interface in Microsoft Outlook. Successful exploitation of this issue could allow the attacker to login to the OWA session, leading to elevation of privilege.
Vulnerability Details
The vulnerability is due to an error in Outlook Web Access, which under certain circumstances allows an authenticated OWA session to be hijacked by an attacker. A remote attacker may exploit this issue by convincing a user to visit a malicious Web page that the attacker crafted specifically for the targeted Exchange domain, during an active OWA session. Successful exploitation of this issue could allow the attacker to perform actions on behalf of the authenticated user in the security context of the active OWA session, such as reading e-mail messages, adding new inbox rules, or changing OWA user preferences.

Protection Overview
This protection will detect and block attempts to exploit this vulnerability.

Please note that the protection offered in this advisory may cause false positives by blocking legitimate traffic. We are working on solving this issue.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05Protection taband select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R70/R71

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > SMTP.
2. In the right pane, double-click the Microsoft Outlook Web Access Crafted POST Request Elevation of Privilege protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: 

Attack Name: SMTP Protection Violation
Attack Information: Microsoft Outlook Web Access crafted POST request elevation of privilege