Re: Exchange/MAPI/RPC

• Previous message: Willis Johnson: "RE: SQL Service Pack doesn't upgrade SQL Server"
• In reply to: Willis Johnson: "RE: Exchange/MAPI/RPC"
• Next in thread: Joseph Burton: "RE: Exchange/MAPI/RPC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Simara" <simara@formdesign.com>
To: <focus-ms@securityfocus.com>
Date: Thu, 13 Mar 2003 05:17:28 -0500

It is not recommend to publish any RPC interface on Windows Servers, there
are tons of exploits that could be executed, and besides, the kind of RPC
outlook uses is really heavy on the network, so I wont recommend it, use a
VPN.

On the other side of the story, the new Exchange Server and Office suite,
both due in about 3 months, will bring a new solution: Http-RPC, using the
standard Web Access as a connection for the Outlook 2003, and it is secure,
no RPC ports open, and I already teste it and its sweet (really fast), the
HTTP RPC is nota full RPC publishing, just what you need.

Tested on both beta 2 version of each product.

Alex
----- Original Message -----
From: "Willis Johnson" <willisj@microsoft.com>
To: <focus-ms@securityfocus.com>
Sent: Tuesday, March 11, 2003 4:17 PM
Subject: RE: Exchange/MAPI/RPC

There's a case study describing how Microsoft secures remote users at
this website:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsol
utions/msit/security/srutcase.asp

Willis Johnson
Microsoft

----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33

• Previous message: Willis Johnson: "RE: SQL Service Pack doesn't upgrade SQL Server"
• In reply to: Willis Johnson: "RE: Exchange/MAPI/RPC"
• Next in thread: Joseph Burton: "RE: Exchange/MAPI/RPC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]