Solved

OWA 2003 vulnerabilities

Posted on 2010-08-18
5
514 Views
Last Modified: 2012-05-10
If a user from home accesses their work email via OWA, can malware on their PC infect OWA and use their contact list to spoof accounts? Would they then be able to use those accounts to send spam and make it appear to come from the work email server?
0
Comment
Question by:PSD_Admin
  • 3
5 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33469786
No, OWA is completely seperate to anything on the PC, it is a web based system.  Even with shared folders on it, it is read only.

Nothing to worry about.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33469954
I have to research OWA security a bit more.
Usually SSL provides one line of safety.

However, you maybe susceptible to a different type of malaware/phishing attack, where users get an alert note to change their passwords in OWA, which takes them to a different site altogether.

Something like this advisory.
http://itservices.uchicago.edu/services/technicaltools/securitynews/2010/01/owamalware.shtml

will post back if I come up with something.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33469989
0
 

Author Comment

by:PSD_Admin
ID: 33590300
Thank you for your comments they were all very helpful.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33590337
You are welcome :)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
This video discusses moving either the default database or any database to a new volume.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question