Advertisement
Promo

Security threats Toolkit

Microsoft issues critical patches

Dawn Kawamoto CNET News

Published: 10 May 2006 09:15 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft on Tuesday released three security updates, two of which address critical flaws in its Exchange email server and third-party software in Windows.

Critical vulnerabilities in Microsoft Exchange Calendar and Adobe's Macromedia Flash Player in Windows can lead to remote execution of code on a user's system, according to Microsoft's security bulletins.

The software giant also issued a "moderate" update for flaws in Windows, according to the bulletin. A malicious attacker could launch a denial-of-service attack by sending a specially crafted network message through the system to exploit the flaw.

The critical Microsoft Exchange flaws affect Microsoft Exchange Server 2000 with Post-Service Pack (SP) 3, Microsoft Exchange 2000 Enterprise Server, and Microsoft Exchange Server 2003 with SP 1 or SP 2.

"An attacker could exploit the vulnerability by constructing a specially crafted message that could potentially allow remote code execution when an Exchange Server processes an email with certain... properties," according to Microsoft's bulletin. Security firm Symantec said the Microsoft Exchange flaw is the most serious of the three.

"Because the majority of Exchange servers are configured to receive emails from anonymous users, this vulnerability has the potential to manifest itself in the form of a worm if machines are not properly patched," Oliver Friedrichs, Symantec Security Response director, said in a statement.

Microsoft also issued a Windows update for what it described as critical flaws in Adobe's Macromedia Flash Player 5 and 6. An attacker could exploit these vulnerabilities by constructing a malicious Flash animation file. Users visiting a Web site containing the specially crafted file may find their computer system taken over.

The Flash flaws affect Windows XP Home Edition, with SP 1 or SP 2; XP Professional; Windows 98 with Gold service pack or SP1; Windows 98 SE with Gold service pack; and Windows ME with Gold service pack.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
122 out of 222 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. yay!! well done MS! Myles

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

Senior Web Designer; CSS XHTML SEO Adobe Flash Photoshop Illustrator

Group Microsoft Exchange Administrator

Graduate Web Designer ASP/Adobe Photoshop/Dreamweaver/Flash

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters