Microsoft plans critical patches for IE, Exchange

Microsoft Corp. today said it will deliver four security updates on Tuesday, two of them pegged "critical," and will finally issue a patch for SQL Server that it's been working on since last April.

The four updates detailed in the advance notice published today will quash bugs in Internet Explorer 7 (IE7); its Exchange mail server software; the Visio application that's part of the Office lineup; and SQL Server. The IE and Exchange vulnerabilities will be labeled critical, the company's highest threat ranking, while the SQL Server and Visio bugs will be marked as "important," one step lower.

That bug is notable for several reasons. When Micosoft confirmed the vulnerability in a Dec. 22 advisory, it noted that exploit code had been published. Several days later, the company admitted that it first received a report on the bug from Bernhard Mueller of SEC Consult Security, a Vienna-based security consulting company, in April 2008.

"Three of these are all equally important, at least with the information we have today," Storms said about the IE, Exchange and SQL Server patches. "It all depends on an enterprise's infrastructure."

Companies are always sensitive to Exchange fixes, Storms continued, so the critical fix set for Exchange Server 2007, 2003 and 2000 will be parsed carefully. "Messaging is so important to the enterprise," Storms said, "that they'll want to spend a little extra time making sure the patch works." One plus, he said, is a "Does not require restart" note by Microsoft in today's bulletin.

"That could mean it's not necessarily a giant hole, or that we're just going to get lucky," said Storms. Because they won't have to restart their Exchange servers, IT administrators should be able to deploy the patch more quickly, he said.

"The IE vulnerability has to be something unique to IE7," wagered Storms. According to Microsoft, the critical vulnerability affects only that version of the browser, not IE6 or IE5.01, the latter edition specific to Windows 2000, and the oldest browser that the company still supports with security updates. Storms hesitated to guess what IE7-only issue might be patched. "It could be any number of things," he said. "Could be scripting or the antiphishing filter."

Microsoft's advance notice reported that the IE7 bug will be rated critical for both Windows XP and Windows Vista, but only "moderate" on Server 2003 and Server 2008.

Microsoft will release February's four updates at approximately 1 p.m. EST Tuesday.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9127438

Implementing and Configuring Blacklist Support in Exchange Server 2003

Spam filtering software based on keywords, etc. is only one brick in the wall guarding against Spam; another one is to implement black- or block-list support within your messaging and collaboration environment. With the new release of Exchange, Microsoft implemented the functionality to filter every incoming email whether the sender is on a blacklist or not. Within this article you will learn how blacklists work and how you can configure support with Exchange Server 2003.

But Spam filtering software based on keywords, etc. is only one brick in the wall guarding against Spam; another one is to implement black- or block-list support within your messaging and collaboration environment. With the new release of Exchange, Microsoft implemented the functionality to filter every incoming email whether the sender is on a blacklist or not.

Learn how blacklists work and how you can configure Exchange Server 2003.

What are blacklists and how do they work?

f you perform a search with an internet search engine you will find lots of blacklist providers throughout the world. This means, the first thing you have to do is consider what blacklist provider you want to use. Nobody can say this or that blacklist provider is the best, you should make your own experiences but if you have a look at the recommendations of the IT press and testing results published in these magazines one of the following blacklist providers may be a good choice.

* relays.ordb.org
* relays.visi.com
* bl.spamcop.net
* blackholes.wirehub.net
* list.dsbl.org

If you have a look at one of these blacklist provider’s websites you will find an explanation on how blacklists work.

Each blacklist server is a special kind of service that can be compared with DNS services. If the SMTP-domain is on the blacklist it reports return status codes back to the checking messaging system providing special IP addresses.

Here is a list of the codes and what they mean:

127.0.0.2 è Open relay

127.0.0.3 è Dialup spam source

127.0.0.4 è Confirmed spam source

127.0.0.5 è Smarthosts

127.0.0.6 è Spamware software developer or spamvertized site (spamsites.org)

127.0.0.7 è Listserver that automates opts users in without confirmation

127.0.0.8 è Insecure formail.cgi script

127.0.0.9 è Open proxy server

By default, Exchange Server 2003 blocks all mails with one of these codes, but you can also configure the behavior as you want.

Configuring blacklist support with Exchange 2003

In Exchange Server 2003 you can find the feature for blacklist support within the global settings of your organization.



As seen above, you can implement multi-blacklist provider rules and put them in your own sequence. Exchange Server 2003 then checks every configured blacklist before it reroutes the email.

If you choose the button “Add” the following window opens:



In the field “Display Name” you should put in a brief description of the rule, in the second field you have to put in the DNS suffix of the blacklist provider itself. And by default, every return status code means a blocking of that email. If you are having trouble with your blacklist provider, just disable the rule by choosing the appropriate button.

If you want to configure a customized return status code behavior, make your choice and the following window will open and will provide your customized configuration.



“Match Filter Rule to any return code” is the default setting and provides a blocking of every email that has a return status code. If you choose “Match Filter Rule to the Following Mask”, you can implement your own status code mask, provided by the blacklist company. If you need to implement customized return status codes, you have to choose the third radio button and then add your codes as shown below:



No rule without exceptions … Therefore you have a way to put in your exceptions by choosing the appropriate button. If you want to configure global IP accept and/or deny lists, this is possible, too. Just choose the “Accept” or “Deny” button.

The next step is now to check if everything runs. If it does not, in general the reason is not your Exchange Server 2003; check your DNS- and firewall settings. The Event log may be your friend, too.

But which servers in your messaging environment should have blacklist blocking enabled? Well, that is quite easy to say: that ones that receive email directly from the internet or via a smart- or relay host within your DMZ. It should be a server that reroutes every incoming email in your organization, and if there is more than one “front-end” server in your environment, you should configure all of them. In addition, don’t forget to check the filtering directory, if there are mails from companies that are on blacklists by accident. In general their entries will be deleted within 24 hours, but within that time window your users do not receive any email from that company.

Source:http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html

Exchange Server 2003

Exchange Server 2003 (v6.5) debuted on September 28, 2003. Exchange Server 2003 (currently at Service Pack 2) can be run on Windows 2000 Server (only if Service Pack 4 is first installed) and 32-bit Windows Server 2003, although some new features only work with the latter. Like Windows Server 2003, Exchange Server 2003 has many compatibility modes to allow users to slowly migrate to the new system. This is useful in large companies with distributed Exchange Server environments who cannot afford the downtime and expense that comes with a complete migration.
One of the new features in Exchange Server 2003 is enhanced disaster recovery which allows administrators to bring the server online quicker. This is done by allowing the server to send and receive mail while the message stores are being recovered from backup. Some features previously available in the Microsoft Mobile Information Server 2001/2002 products have been added to the core Exchange Server product, like Outlook Mobile Access and server-side ActiveSync, while the Mobile Information Server product itself has been dropped. Better anti-virus and anti-spam protection have also been added, both by providing built-in APIs that facilitate filtering software and built-in support for the basic methods of originating IP address, SPF ("Sender ID"), and DNSBL filtering which were standard on other open source and *nix-based mail servers. Also new is the ability to drop inbound e-mail before being fully processed, thus preventing delays in the message routing system. There are also improved message and mailbox management tools, which allow administrators to execute common chores more quickly. Others, such as Instant Messaging and Exchange Conferencing Server have been extracted completely in order to form separate products. Microsoft now appears to be positioning a combination of Microsoft Office, Microsoft Office Live Communications Server, Live Meeting and SharePoint as its collaboration software of choice. Exchange Server is now to be simply e-mail and calendaring.
Source:wikipedia.org