Follow us on Twitter
Follow us on FacebookMicrosoft plugs critical Exchange, IE holes
@ 2009/02/11Microsoft Corp. today patched eight vulnerabilities -- three of them marked "critical" -- in Internet Explorer, Office, Exchange and SQL Server.
The most serious of the flaws is a bug in Exchange that attackers can trigger simply by sending a specially crafted message to a company's mail server.
In today's four security updates, Microsoft delivered fixes for the three critical flaws, as well as patches for five additional bugs it pegged as "important," the second-highest threat level in the company's four-step scoring system.
Several researchers put the Exchange update, MS09-003, at the top of their list because of the likely attack vector. According to Microsoft, the critical Exchange vulnerability can be exploited when a user "opens or previews a specially crafted e-mail message sent in TNEF format or when the Microsoft Exchange Server Information Store processes the specially crafted message."
The most serious of the flaws is a bug in Exchange that attackers can trigger simply by sending a specially crafted message to a company's mail server.
In today's four security updates, Microsoft delivered fixes for the three critical flaws, as well as patches for five additional bugs it pegged as "important," the second-highest threat level in the company's four-step scoring system.
Several researchers put the Exchange update, MS09-003, at the top of their list because of the likely attack vector. According to Microsoft, the critical Exchange vulnerability can be exploited when a user "opens or previews a specially crafted e-mail message sent in TNEF format or when the Microsoft Exchange Server Information Store processes the specially crafted message."
