August 10, 2004
Microsoft Security Bulletin: Moderate Exchange 5.5 OWA Vulnerability (MS04-026)
Advisory Overview
Qualys™ Vulnerability R&D Lab has released a new vulnerability signature in the QualysGuard® Service to protect organizations against the new critical Microsoft® vulnerability that was announced earlier today. Customers can immediately audit their networks for this and other new vulnerabilities by accessing their QualysGuard subscription.
Vulnerability Details

Moderate Exchange 5.5 OWA Vulnerability (MS04-026)
SEVERITY: Critical (4)
VENDOR REFERENCE: MS04-026
CVE REFERENCE: CAN-2004-0203
THREAT: Microsoft today released a patch, rated moderate, that fixes a cross-site scripting and spoofing vulnerability in Exchange 5.5 Outlook Web Access (OWA).
IMPACT: Exploitation of this vulnerability could allow an attacker to access any data on the OWA server that was accessible to the logged-in user.
SOLUTION: Microsoft has released a patch related to this issue. For more information and to download the patch, go to: http://www.microsoft.com/technet/security/bulletin/ms04-026.mspx
SELECTIVE SCAN INSTRUCTIONS USING QUALYSGUARD:
  1. Enable scanning of TCP ports 135, 139 and 445.
  2. Enable "Microsoft Exchange Server 5.5 Outlook Web Access XSS and Spoofing Vulnerability (MS04-026)"
    • Qualys ID: 90162
    • Windows login required
  3. Additionally, enable the 'Windows Host Name' signature with Qualys ID 82044 if you want to report on vulnerable hosts by Windows (NetBIOS) machine name.

Technical Support
For more information, customers may contact Qualys Technical Support directly at support@qualys.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/