Exchange flaw poses 'worm risk'
Two critical fixes herald MS Patch Tuesday
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Microsoft released three patches – two of which it deems critical - on Tuesday in the May edition of its regular Patch Tuesday update cycle.
Most seriously there's a critical vulnerability in Microsoft Exchange which allows remote code execution (MS06-019). This security bug in Microsoft Exchange's calendar function could lead to a worm, security tools firm ISS warns.
The flaw might be exploited by hackers by sending a specially crafted email message with malformed vCal or iCal properties to a vulnerable server. Administrators running either Exchange 2000 or Exchange 2003 servers need to apply patches.
Microsoft also warns of a vulnerability in Adobe's Macromedia Flash Player that creates a means to run hostile code on Windows PCs. Adobe issued a patch for the vulnerability back in March, but Microsoft techies now reckon it merits its own patch (MS06-020).
Last up, Redmond warns of a moderate risk flaw in Microsoft Distributed Transaction Coordinator that can stop systems responding, thereby representing a denial of service risk. Microsoft's summary of these three updates can be found here. ®
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
