[ISN] Microsoft Fixes Critical Bugs in Microsoft Exchange Server, Internet Explorer for Patch Tuesday

From: InfoSec News <alerts_at_private>
Date: Wed, 11 Feb 2009 01:07:51 -0600 (CST)
http://www.eweek.com/c/a/Security/Microsoft-Fixes-Critical-Bugs-in-Microsoft-Exchange-Internet-Explorer-for-Patch-Tuesday/

By Brian Prince
eWEEK
2009-02-10 

Microsoft's February Patch Tuesday release contains four security 
bulletins. Two are rated critical, one affecting Internet Explorer and 
the other Microsoft Exchange Server. The other security bulletins affect 
editions of SQL Server and Microsoft Office Visio.

Microsoft issued four security bulletins for February's Patch Tuesday 
release in order to plug a number of remote code execution 
vulnerabilities in its products.

Two of the bulletins are rated "critical." Arguably the one with the 
greatest impact is MS09-003, which addresses two bugs affecting 
Microsoft Exchange Server. The first vulnerability could allow remote 
code execution if a malicious TNEF (Transport Neutral Encapsulation 
Format) message is sent to a Microsoft Exchange Server. The second 
vulnerability could allow denial of service if a specially crafted MAPI 
(Messaging API) command is sent to a Microsoft Exchange Server.

An attacker who successfully exploited the second vulnerability could 
cause the Microsoft Exchange System Attendant service and other services 
that use the EMSMDB32 provider to stop responding, according to 
Microsoft.

[...]


_______________________________________________      
Best Selling Security Books &amp; More!
http://www.shopinfosecnews.org/
Received on Tue Feb 10 2009 - 23:07:51 PST

This archive was generated by hypermail 2.2.0 : Tue Feb 10 2009 - 23:12:35 PST