GEN:SID 1:1283
Message WEB-IIS outlook web dos
Summary This event is generated when an attempt is made to cause a denial of service of WWW Publishing Service and IIS Administration software.
Impact Denial of service.  This attack may cause a vulnerable server to stop.
Detailed Information Outlook Web Access (OWA) is an optional feature of Microsoft Exchange Server that allows a user to access mail through a web interface supported by Internet Information Services (IIS).  A denial of service of the support software WWW Publishing service and IIS Administration can occur when a user enters a long string of '%' characters in the Log On field in OWA and enters these characcters in the username and password field received in the NT challenge dialog.
Affected Systems Microsoft Exchange Server 5.5 and Microsoft Exchange Server 5.5 SP1, SP2, SP3, SP4
Attack Scenarios An attacker can enter a long string of '%' characters in OWA Log On and challenge fields to cause a denial of service against a vulnerable server.
Ease of Attack Simple.  
Corrective Action Upgrade to the most current version of Microsoft Exchange Server.
Additional References Bugtraq
http://www.securityfocus.com/bid/3223
Rule References bugtraq: 3223