Solved

OWA 2003 vulnerabilities

Posted on 2010-08-18
5
513 Views
Last Modified: 2012-05-10
If a user from home accesses their work email via OWA, can malware on their PC infect OWA and use their contact list to spoof accounts? Would they then be able to use those accounts to send spam and make it appear to come from the work email server?
0
Comment
Question by:PSD_Admin
  • 3
5 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33469786
No, OWA is completely seperate to anything on the PC, it is a web based system.  Even with shared folders on it, it is read only.

Nothing to worry about.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33469954
I have to research OWA security a bit more.
Usually SSL provides one line of safety.

However, you maybe susceptible to a different type of malaware/phishing attack, where users get an alert note to change their passwords in OWA, which takes them to a different site altogether.

Something like this advisory.
http://itservices.uchicago.edu/services/technicaltools/securitynews/2010/01/owamalware.shtml

will post back if I come up with something.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33469989
0
 

Author Comment

by:PSD_Admin
ID: 33590300
Thank you for your comments they were all very helpful.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33590337
You are welcome :)
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Find out what you should include to make the best professional email signature for your organization.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question