Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

ITS Advisory Number: 2014-009
Date(s) Issued: Tuesday, February 11, 2014
Subject: Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
Overview: 

A vulnerability has been found within Microsoft Forefront Protection 2010 for Exchange that could allow remote code execution. Microsoft Forefront Protection 2010 for Exchange Server provides protection against malware and spam by scanning incoming emails. An attacker who has successfully exploited this vulnerability could execute code in the context of the user's service account. Depending on the privileges associated with the account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Forefront Protection for Exchange 2010
RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: Low
Description: 

A remote code execution vulnerability exists in Forefront Protection for Exchange. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the configured service account. Depending on the privileges associated with the account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Upgrade Microsoft Forefront Protection for Exchange 2010 immediately after appropriate testing.
  • Apply the principle of Least Privilege to all services.
References: 
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms14-008
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0294