Exchange Left Vulnerable to Hacks while Microsoft Slacks

Microsoft (News - Alert) is annoying IT administrators who use the company’s hosted e-mail services – Exchange Server 2007 and Exchange Server 2010. The code used for schematizing attachments, Oracle (News - Alert) Outside In, was identified as having vulnerabilities susceptible for hack attacks. Although Microsoft has advised users to disable these services along with 2010 FAST (News - Alert) Search Server, the company’s apathy has many questioning whether there will be a solution before the next moon cycle.

A report from Computerworld claims that Microsoft “downplayed the threat” by claiming it is unaware of any serious exploits. This sentiment could be troublesome for administrators who need immediate answers. Microsoft is known for maintaining a stingy regimen of one report a month, rarely straying from the routine. If Microsoft maintains its position that there are no immediate threats, then some fear that August 14th will be the soonest we’ll hear an update.

In addition to the mystery over when the issue will be resolved, is another mystery over who is taking responsibility. Microsoft has clearly identified the problem as stemming from a “third party.” According to its last advisory, “The vulnerabilities exist due to the way that files are parsed by the third-party, Oracle Outside In libraries.” The advisory also contains a list of affected software, naming five that rely on Oracle Outside In’s code. But there is also a list of six types of software that are not affected.

Among the frequently asked questions Microsoft answers in the advisory are, “What might an attacker use the vulnerabilities to do?” and “How could an attacker exploit the vulnerabilities?” These answers are clear and could perhaps serve as a guideline for deviant opportunists.

Although the report goes on to state that, “Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers,” there is no promise of “immediate action.”

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2012, taking place Oct. 2-5, in Austin, TX. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. For more information on registering for ITEXPO click here.

Stay in touch with everything happening at ITEXPO. Follow us on Twitter.