Microsoft plugs critical Exchange, IE holes

jmke · 11th February 2009, 20:36

Microsoft Corp. today patched eight vulnerabilities -- three of them marked "critical" -- in Internet Explorer, Office, Exchange and SQL Server.

The most serious of the flaws is a bug in Exchange that attackers can trigger simply by sending a specially crafted message to a company's mail server.

In today's four security updates, Microsoft delivered fixes for the three critical flaws, as well as patches for five additional bugs it pegged as "important," the second-highest threat level in the company's four-step scoring system.

Several researchers put the Exchange update, MS09-003, at the top of their list because of the likely attack vector. According to Microsoft, the critical Exchange vulnerability can be exploited when a user "opens or previews a specially crafted e-mail message sent in TNEF format or when the Microsoft Exchange Server Information Store processes the specially crafted message."

http://www.computerworld.com/action/...intsrc=hm_list

11th February 2009, 20:36	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 82,473	Microsoft plugs critical Exchange, IE holes Microsoft Corp. today patched eight vulnerabilities -- three of them marked "critical" -- in Internet Explorer, Office, Exchange and SQL Server. The most serious of the flaws is a bug in Exchange that attackers can trigger simply by sending a specially crafted message to a company's mail server. In today's four security updates, Microsoft delivered fixes for the three critical flaws, as well as patches for five additional bugs it pegged as "important," the second-highest threat level in the company's four-step scoring system. Several researchers put the Exchange update, MS09-003, at the top of their list because of the likely attack vector. According to Microsoft, the critical Exchange vulnerability can be exploited when a user "opens or previews a specially crafted e-mail message sent in TNEF format or when the Microsoft Exchange Server Information Store processes the specially crafted message." http://www.computerworld.com/action/...intsrc=hm_list __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch	jmke	WebNews	0	14th April 2009 19:47
Microsoft Security Bulletin Summary for September 2008	jmke	WebNews	0	9th September 2008 20:20
Microsoft Security Bulletin Summary for August 2007	jmke	WebNews	0	14th August 2007 23:21
A 'Critical' Patch Day For Microsoft	Sidney	WebNews	4	9th May 2007 15:59
W2S: Apple megapatch plugs 45 security holes	Mr Robot	Portable Storage, Games, Consoles, Laptops, Phones, Multimedia and Gadget News	0	14th March 2007 16:30
Microsoft Security Bulletin Summary for February 2007	jmke	WebNews	0	14th February 2007 01:25
Microsoft plans April 11 for super critical IE bug fix	jmke	WebNews	0	28th March 2006 10:33
Microsoft Reveals Nine New Ways to Get in Touch With the PC	Sidney	WebNews	0	8th September 2004 19:58
HP and Microsoft Expand Security Solutions Portfolio	Sidney	WebNews	0	25th May 2004 07:28
INFO: Windows XP Services ( what to enable/disable)	The Senile Doctor	FAQ / INFO / HOW-TO	7	9th September 2003 14:59