Print
Discuss
Send to friend
RSS feedsMicrosoft has released an update for Windows that fixes critical flaws in Exchange Server and Adobe's Macromedia Flash Player.
Both of the security holes could be used by hackers to execute code remotely on a user's PC and take full control.
"An attacker could then install programs, view, change or delete data, or create new accounts with full user rights," said the Microsoft statement accompanying the update.
Monty Ijzerman, senior manager of the Global Threat Group at McAfee's Avert Labs, said: "There are two items of note in this announcement by Microsoft.
"The vulnerability in Exchange Server poses a serious concern as it does not require any user interaction to be exploited, making the vulnerability a worm candidate."
Ijzerman also said it was "interesting" that Microsoft had issued a patch for vulnerabilities that were previously patched by Adobe.
"This is the first time in recent memory that Microsoft has published a patch for third-party software," he explained.
"In this case, it is probably because the Macromedia patch was not widely deployed and Microsoft's updates will help ensure that its customers are protected."
Tuesday's update also fixes a denial of service vulnerability in Microsoft Distributed Transaction Coordinator (MSDTC).
The problem could be exploited to send a specially crafted network message to an affected system that would stop it responding. Microsoft rated the MSDTC update as 'moderate'.
See also:
Difficult to compete with free bundled offerings from Redmond 10 May 2006
Failure to disclose complete and accurate interface documentation 12 Mar 2006
Pirated software could hold spyware, vendor cautions 10 Mar 2006All Enterprise Security Technology
del.icio.us
Digg this
reddit!
