Exchange flaw poses 'worm risk'
Two critical fixes herald MS Patch Tuesday
Microsoft released three patches – two of which it deems critical - on Tuesday in the May edition of its regular Patch Tuesday update cycle.
Most seriously there's a critical vulnerability in Microsoft Exchange which allows remote code execution (MS06-019). This security bug in Microsoft Exchange's calendar function could lead to a worm, security tools firm ISS warns.
The flaw might be exploited by hackers by sending a specially crafted email message with malformed vCal or iCal properties to a vulnerable server. Administrators running either Exchange 2000 or Exchange 2003 servers need to apply patches.
Microsoft also warns of a vulnerability in Adobe's Macromedia Flash Player that creates a means to run hostile code on Windows PCs. Adobe issued a patch for the vulnerability back in March, but Microsoft techies now reckon it merits its own patch (MS06-020).
Last up, Redmond warns of a moderate risk flaw in Microsoft Distributed Transaction Coordinator that can stop systems responding, thereby representing a denial of service risk. Microsoft's summary of these three updates can be found here. ®