OWA 2003 vulnerabilities

PSD_Admin
PSD_Admin used Ask the Experts™
on
If a user from home accesses their work email via OWA, can malware on their PC infect OWA and use their contact list to spoof accounts? Would they then be able to use those accounts to send spam and make it appear to come from the work email server?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
No, OWA is completely seperate to anything on the PC, it is a web based system.  Even with shared folders on it, it is read only.

Nothing to worry about.
Top Expert 2010

Commented:
I have to research OWA security a bit more.
Usually SSL provides one line of safety.

However, you maybe susceptible to a different type of malaware/phishing attack, where users get an alert note to change their passwords in OWA, which takes them to a different site altogether.

Something like this advisory.
http://itservices.uchicago.edu/services/technicaltools/securitynews/2010/01/owamalware.shtml

will post back if I come up with something.
Top Expert 2010
Commented:

Author

Commented:
Thank you for your comments they were all very helpful.
Top Expert 2010

Commented:
You are welcome :)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial