Microsoft published their Microsoft Security Advisort (971492) about a week ago, and people start to wonder whether or not they should be careful considering they have Exchange deployed in their organization. For one, it is absolutely vital for any operating system to keep it as up-to-date as possible, with or without Exchange running on top of it, so it is definitely best practice to deploy updates as they are shipped by your trusted update suppliers, as Microsoft.

But how about Exchange? This is how the Microsoft Security Research and Defense blogged it:

Question: Is Outlook Web Access (OWA) vulnerable to the authentication bypass?

Answer: No, OWA is not vulnerable to this vulnerability. Exchange 2007 and earlier supported the WebDAV protocol but they did so with an Exchange implementation of WebDAV which only reads/write to/from the Exchange store. It does not interact with the filesystem directly.

- Ilse