20120727 - Service Advisory: Potential Vulnerability While Previewing Attachments Via OWA in Exchange 2007/2010
Service Advisory:
We are tracking a security vulnerability warning issued by Microsoft in regards to previewing of attachments in Outlook Web Access. Although there has not been a publicly released exploit yet, we are preparing to disable the preview feature until Microsoft releases an update to fix the security hole. In the event an exploit is made publicly available, we will immediately disable the feature until the fix is deployed. If you are users of OWA, please notify your end users this feature may become unavailable temporarily until the issue is resolved.
More information can be found at the following support link from Microsoft on the exact issue http://technet.microsoft.com/en-us/security/advisory/2737111. We will be watching this vulnerability closely and will follow up with updates in the event we have to disable the functionality.
Thank you for being a ETRN customer. Please contact us if you have any questions.
We Answer Your Questions: FAQ
Q: What is the maximum e-mail attachment size?
A: The ETRN.com e-mail servers do not limit the size of individual e-mail attachments. The ETRN.com e-mail servers do impose a 400 MB maximum total message size limit. Individual customers can choose a smaller message size limit. We can also customize the handling of "over-sized" e-mails. Please contact us to discuss your specific needs. A couple of important facts:
1. Attachments are typically encoded in what is called Base64[1]. As a result, the actual length of MIME-compliant Base64-encoded binary data is usually about 137% of the original file size.
2. E-mails often contain both plain text and HTML components. This also increases the overall size of the e-mail.