Microosft published an unusual knowledge base article today, warning users of certain versions of Microsoft Exchange and Sharepoint server of a remote code execution vulnerability introduced by Oracle's Outside In libraries that are included with these products. [1]
Affected Products:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
FAST Search Server 2010 for Sharepoint
Oracle provided a patch for this issue in it's July patch release [2]. The issue si covered by Oracles Fusion Middleware fix. Outside in library version 8.3.7.77 and earlier is vulnerable. The fixed version is 8.3.7.171 (US Cert also mentions 8.3.5.6369 as fixed).
As a work around, you could disable the transcoding service, but it will no longer allow you to preview attachments. Or you could disable the advanced filter pack on FAST Search Server 2010 for SharePoint.
Oracle's Outdside In libraries are able to decode over 500 different file formats [3]. The libraries are used to be able to index content inside files like PDFs and other common file types.
It is very likely, that not only Microsoft's software is including this library. US-CERT provides a list of software that they identified.
[1]http://technet.microsoft.com/en-us/security/advisory/2737111
[2]http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
[3]http://www.kb.cert.org/vuls/id/118913
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Affected Products:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
FAST Search Server 2010 for Sharepoint
Oracle provided a patch for this issue in it's July patch release [2]. The issue si covered by Oracles Fusion Middleware fix. Outside in library version 8.3.7.77 and earlier is vulnerable. The fixed version is 8.3.7.171 (US Cert also mentions 8.3.5.6369 as fixed).
As a work around, you could disable the transcoding service, but it will no longer allow you to preview attachments. Or you could disable the advanced filter pack on FAST Search Server 2010 for SharePoint.
Oracle's Outdside In libraries are able to decode over 500 different file formats [3]. The libraries are used to be able to index content inside files like PDFs and other common file types.
It is very likely, that not only Microsoft's software is including this library. US-CERT provides a list of software that they identified.
[1]http://technet.microsoft.com/en-us/security/advisory/2737111
[2]http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
[3]http://www.kb.cert.org/vuls/id/118913
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.