Feeds

Exchange flaw poses 'worm risk'

Two critical fixes herald MS Patch Tuesday

Build a business case: developing custom apps

Microsoft released three patches – two of which it deems critical - on Tuesday in the May edition of its regular Patch Tuesday update cycle.

Most seriously there's a critical vulnerability in Microsoft Exchange which allows remote code execution (MS06-019). This security bug in Microsoft Exchange's calendar function could lead to a worm, security tools firm ISS warns.

The flaw might be exploited by hackers by sending a specially crafted email message with malformed vCal or iCal properties to a vulnerable server. Administrators running either Exchange 2000 or Exchange 2003 servers need to apply patches.

Microsoft also warns of a vulnerability in Adobe's Macromedia Flash Player that creates a means to run hostile code on Windows PCs. Adobe issued a patch for the vulnerability back in March, but Microsoft techies now reckon it merits its own patch (MS06-020).

Last up, Redmond warns of a moderate risk flaw in Microsoft Distributed Transaction Coordinator that can stop systems responding, thereby representing a denial of service risk. Microsoft's summary of these three updates can be found here. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?