Installation of the Windows SharePoint Services collaboration and information sharing add-on to Windows Server 2003 can expose Exchange Server 2003 mailboxes on the same server, Microsoft Corp. said Tuesday.
Installing SharePoint Services will disable Kerberos authentication and instead select Windows NTLM (NT LAN Manager) authentication. This can adversely affect Outlook Web Access (OWA) and users logging in to OWA could be logged in to another user's mailbox at random, Microsoft said in a statement.
Microsoft recommends users run Exchange 2003 with Kerberos enabled for security purposes. Kerberos is enabled by default in Windows Server 2003 and Exchange Server 2003, according to Microsoft. A spokesman could not immediately explain why SharePoint Services disables Kerberos.
Kerberos is a method developed at the Massachusetts Institute for Technology for authenticating a request for a service in a computer network.
Microsoft has published two online support articles that detail the problem and instruct users how to correct and avoid this issue. Microsoft product support also is helping customers who have problems, the company said.
The problem with Exchange Server 2003 and OWA surfaced last week and has moved at least one company to disable the Web access capability for Exchange. A network administrator at a Nashville, Tennessee, provider of investment performance reporting tools, called the issue "a major security flaw."
Microsoft has not yet decided whether it will issue a patch to fix this problem. If it issues a patch for Exchange Server 2003 it would be the first for the e-mail server product since its launch last month. The Windows SharePoint Services add-on to Windows Server 2003 also was released in October.
"Upon completion of investigating the problem, Microsoft will take the appropriate action to protect its customers and decide whether providing a fix and additional mitigation the information is warranted," Microsoft said.
The two support articles that deal with the issue are at:
http://support.microsoft.com/?id=832769 and http://support.microsoft.com/?id=832749
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive InfoWorld Resource Alerts
Recommend This
