Exchange Server and Flash player holes plugged
Microsoft has released an update for Windows that fixes critical flaws in Exchange Server and Adobe's Macromedia Flash Player.
Both of the security holes could be used by hackers to execute code remotely on a user's PC and take full control.
"An attacker could then install programs, view, change or delete data, or create new accounts with full user rights," said the Microsoft statement accompanying the update.
Monty Ijzerman, senior manager of the Global Threat Group at McAfee's Avert Labs, said: "There are two items of note in this announcement by Microsoft.
"The vulnerability in Exchange Server poses a serious concern as it does not require any user interaction to be exploited, making the vulnerability a worm candidate."
Ijzerman also said it was "interesting" that Microsoft had issued a patch for vulnerabilities that were previously patched by Adobe.
"This is the first time in recent memory that Microsoft has published a patch for third-party software," he explained.
"In this case, it is probably because the Macromedia patch was not widely deployed and Microsoft's updates will help ensure that its customers are protected."
Tuesday's update also fixes a denial of service vulnerability in Microsoft Distributed Transaction Coordinator (MSDTC).
The problem could be exploited to send a specially crafted network message to an affected system that would stop it responding. Microsoft rated the MSDTC update as 'moderate'.
Microsoft has released an update for Windows that fixes critical flaws in Exchange Server and Adobe's Macromedia Flash Player.
Both of the security holes could be used by hackers to execute code remotely on a user's PC and take full control.
"An attacker could then install programs, view, change or delete data, or create new accounts with full user rights," said the Microsoft statement accompanying the update.
Monty Ijzerman, senior manager of the Global Threat Group at McAfee's Avert Labs, said: "There are two items of note in this announcement by Microsoft.
"The vulnerability in Exchange Server poses a serious concern as it does not require any user interaction to be exploited, making the vulnerability a worm candidate."
Ijzerman also said it was "interesting" that Microsoft had issued a patch for vulnerabilities that were previously patched by Adobe.
"This is the first time in recent memory that Microsoft has published a patch for third-party software," he explained.
"In this case, it is probably because the Macromedia patch was not widely deployed and Microsoft's updates will help ensure that its customers are protected."
Tuesday's update also fixes a denial of service vulnerability in Microsoft Distributed Transaction Coordinator (MSDTC).
The problem could be exploited to send a specially crafted network message to an affected system that would stop it responding. Microsoft rated the MSDTC update as 'moderate'.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: