Quote:
Independent security testing firm @stake, which works with four of the top 10 software vendors, was brought in to do two-weeks of penetration testing, including close scrutiny of possible vulnerabilities in client connections.
Chris Wysopal, director of research and development for @stake said his team found about 30 bugs and made two recommendations to meet Microsoft’s "secure by default" criteria, including changing a default so the only open RPC port was the one used by Outlook to talk to Exchange.