http://www.eweek.com/c/a/Security/Microsoft-Fixes-Critical-Bugs-in-Microsoft-Exchange-Internet-Explorer-for-Patch-Tuesday/ By Brian Prince eWEEK 2009-02-10 Microsoft's February Patch Tuesday release contains four security bulletins. Two are rated critical, one affecting Internet Explorer and the other Microsoft Exchange Server. The other security bulletins affect editions of SQL Server and Microsoft Office Visio. Microsoft issued four security bulletins for February's Patch Tuesday release in order to plug a number of remote code execution vulnerabilities in its products. Two of the bulletins are rated "critical." Arguably the one with the greatest impact is MS09-003, which addresses two bugs affecting Microsoft Exchange Server. The first vulnerability could allow remote code execution if a malicious TNEF (Transport Neutral Encapsulation Format) message is sent to a Microsoft Exchange Server. The second vulnerability could allow denial of service if a specially crafted MAPI (Messaging API) command is sent to a Microsoft Exchange Server. An attacker who successfully exploited the second vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding, according to Microsoft. [...] _______________________________________________ Best Selling Security Books & More! http://www.shopinfosecnews.org/Received on Tue Feb 10 2009 - 23:07:51 PST
This archive was generated by hypermail 2.2.0 : Tue Feb 10 2009 - 23:12:35 PST