Exchange flaw poses 'worm risk'
PrintTwo critical fixes herald MS Patch Tuesday
Posted in Software & Security, 10th May 2006 11:46 GMT
Free whitepaper – What Exchange can't do - and Dell can
Microsoft released three patches – two of which it deems critical - on Tuesday in the May edition of its regular Patch Tuesday update cycle.
Most seriously there's a critical vulnerability in Microsoft Exchange which allows remote code execution (MS06-019). This security bug in Microsoft Exchange's calendar function could lead to a worm, security tools firm ISS warns.
The flaw might be exploited by hackers by sending a specially crafted email message with malformed vCal or iCal properties to a vulnerable server. Administrators running either Exchange 2000 or Exchange 2003 servers need to apply patches.
Microsoft also warns of a vulnerability in Adobe's Macromedia Flash Player that creates a means to run hostile code on Windows PCs. Adobe issued a patch for the vulnerability back in March, but Microsoft techies now reckon it merits its own patch (MS06-020).
Last up, Redmond warns of a moderate risk flaw in Microsoft Distributed Transaction Coordinator that can stop systems responding, thereby representing a denial of service risk. Microsoft's summary of these three updates can be found here. ®
Free whitepaper – Managing desktop software for fun and profit
The Register Agile Data Center Summit
Straight Talk with Dell: Sending out an SaaS
Seven ways to optimize VMware server virtualization
Automating the Acquisition Process with Enterprise Level CRM
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs