Revision Note: V1.0 (September 14, 2010): Advisory published.
Summary: Microsoft has completed the investigation of a publicly disclosed vulnerability in Outlook Web Access (OWA) that may affect Microsoft Exchange customers. An attacker who successfully exploited this vulnerability could hijack an authenticated OWA session. The attacker could then perform actions on behalf of the authenticated user without the user’s knowledge, within the security context of the active OWA session.