SharePoint installation can put Exchange at risk

Installation of the Windows SharePoint Services collaboration and information sharing add-on to Windows Server 2003 can expose Exchange Server 2003 mailboxes on the same server, Microsoft has warned.

Installing SharePoint Services will disable Kerberos authentication and instead select Windows NTLM (NT LAN Manager) authentication. This can adversely affect Outlook Web Access (OWA) and users logging in to OWA could be logged in to another user's mailbox at random, Microsoft said in a statement on Tuesday (US).

Microsoft recommends users run Exchange 2003 with Kerberos enabled for security purposes. Kerberos is enabled by default in Windows Server 2003 and Exchange Server 2003, according to Microsoft. A spokesman could not immediately explain why SharePoint Services disables Kerberos.

Kerberos is a method developed at the Massachusetts Institute for Technology for authenticating a request for a service in a computer network.

Microsoft has published two online support articles that detail the problem and instruct users how to correct and avoid this issue. Microsoft product support also is helping customers who have problems, the company said.

The problem with Exchange Server 2003 and OWA surfaced last week and has moved at least one company to disable the Web access capability for Exchange. A network administrator at a US provider of investment performance reporting tools, called the issue "a major security flaw."

Microsoft has not yet decided whether it will issue a patch to fix this problem. If it issues a patch for Exchange Server 2003 it would be the first for the e-mail server product since its launch last month. The Windows SharePoint Services add-on to Windows Server 2003 also was released in October.

"Upon completion of investigating the problem, Microsoft will take the appropriate action to protect its customers and decide whether providing a fix and additional mitigation the information is warranted," Microsoft said.

The two support articles that deal with the issue are at:

http://support.microsoft.com/?id=832769 and http://support.microsoft.com/?id=832749.

Join the newsletter!

Error: Please check your email address.

More about Microsoft

Show Comments