The American software company released three regular security updates yesterday. Two of these, one addressing an issue with the Exchange email server and another fixing a flaw related to third-party software running on Windows, are rated as critical.
The first high-risk vulnerability appears in Microsoft Exchange and affects Microsoft Exchange Server 2000 Post-Service Pack 3, Microsoft Exchange 2000 Enterprise Server, and Microsoft Exchange Server 2003 SP1 or SP2.
“An attacker could exploit the vulnerability by crafting a message capable of executing remote code whenever the Exchange Server uses certain properties to process emails,” Microsoft stated.
According to American security firm Symantec, the bulletin MS06-019 regarding Microsoft Exchange is the most concerning patch. “Since most Exchange servers are configured to receive emails from anonymous users, this vulnerability has the potential to turn into a worm that helps hackers exploit the system,” commented Oliver Friedrichs, a Symantec expert.
Microsoft also released an update, MS06-020, to address issues in versions 5 and 6 of the Macromedia Flash Player by Adobe. Hackers can design a Flash file containing malicious code and upload it to any website. If users inadvertently visit the site and view that Flash content, their systems can be immediately compromised.
The Flash Player vulnerability affects Windows XP Home SP1 or SP2, XP Professional, Windows 98 Gold Service Pack or SP1, Windows 98 SE Gold Service Pack, and Windows ME Gold Service Pack.
The final bulletin, MS06-018, addresses several vulnerabilities rated as “medium” risk in Windows. Hackers could exploit these flaws to launch denial-of-service attacks after sending a malicious message through an unpatched system.
T.N.