Exchange flaw poses 'worm risk'
Print storyTwo critical fixes herald MS Patch Tuesday
Posted in Enterprise Security, 10th May 2006 11:46 GMT
Free whitepaper – Extended Validation SSL Certificates
Microsoft released three patches – two of which it deems critical - on Tuesday in the May edition of its regular Patch Tuesday update cycle.
Most seriously there's a critical vulnerability in Microsoft Exchange which allows remote code execution (MS06-019). This security bug in Microsoft Exchange's calendar function could lead to a worm, security tools firm ISS warns.
The flaw might be exploited by hackers by sending a specially crafted email message with malformed vCal or iCal properties to a vulnerable server. Administrators running either Exchange 2000 or Exchange 2003 servers need to apply patches.
Microsoft also warns of a vulnerability in Adobe's Macromedia Flash Player that creates a means to run hostile code on Windows PCs. Adobe issued a patch for the vulnerability back in March, but Microsoft techies now reckon it merits its own patch (MS06-020).
Last up, Redmond warns of a moderate risk flaw in Microsoft Distributed Transaction Coordinator that can stop systems responding, thereby representing a denial of service risk. Microsoft's summary of these three updates can be found here. ®
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
The business case for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Server-gated cryptography
Airport insecurity: the case of lost laptops
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive