T 5.163 Attacks on Exchange systems
The information stored in the databases of a Microsoft Exchange server can also be made available for mobile access from the internet. The local mailbox stores of an Exchange server are normally located within the operator's internal LAN and must be protected by appropriate security measures so that an attacker can neither gain unauthorised access to the Microsoft Exchange server nor infiltrate the internal network.
Some of the problem areas and potential security loopholes that must be taken into consideration, particularly where public access to a Microsoft Exchange server from the internet is allowed, are listed below:
- The Microsoft Exchange Remote Procedure Call (RPC) communication protocol is known to have many weaknesses. Even an optimised configuration leaves a residual risk.
- A Microsoft Exchange system is very complex. A system consisting of Exchange servers and Outlook clients increases this complexity further. This complexity, which extends to the security-relevant settings, may result in misconfigurations and hence in security loopholes.
- Due to the huge range of functions of a Microsoft Exchange system and its possible integration into background systems such as Unified Messaging, Content Management, and Enterprise Resource Planning systems, security loopholes in a server may affect the background systems. It is therefore generally sufficient to exploit a single weakness in a single function package.
Examples:
- In Outlook Web Access, an attacker can perform a denial-of-service attack via the network by sending a manipulated URL to the server, causing the affected components to crash because memory is overloaded.
- By means of a manipulated SMTP command, an attacker could crash an Exchange server or, in addition, execute arbitrary code.