Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Windows, Exchange flaws patched

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Windows, Exchange flaws patched
Date: Wed, 10 May 2006 01:10:15 -0500 (CDT) 
http://news.com.com/Windows%2C+Exchange+flaws+patched/2100-7350_3-6070350.html

By Dawn Kawamoto 
Staff Writer, CNET News.com
Published: May 9, 2006

Microsoft on Tuesday released three security updates, two of which
address critical flaws in its Exchange e-mail server and third-party
software in Windows.

Critical vulnerabilities in Microsoft Exchange Calendar and Adobe's
Macromedia Flash Player in Windows can lead to a remote execution of
code on a user's system, according to Microsoft's security bulletins.

The software giant also issued a "moderate" update for flaws in
Windows, according to the software giant's bulletin. A malicious
attacker could launch a denial-of-service attack by sending a
specially crafted network message through the system to exploit the
flaw.

The critical Microsoft Exchange flaws affect Microsoft Exchange Server
2000 with Post-Service Pack (SP) 3, Microsoft Exchange 2000 Enterprise
Server, and Microsoft Exchange Server 2003 with SP 1 or SP 2.

"An attacker could exploit the vulnerability by constructing a
specially crafted message that could potentially allow remote code
execution when an Exchange Server processes an e-mail with
certain...properties," according to Microsoft's bulletin.

Security firm Symantec said the Microsoft Exchange flaw is the most
serious of the three.

"Because the majority of Exchange servers are configured to receive
e-mails from anonymous users, this vulnerability has the potential to
manifest itself in the form of a worm if machines are not properly
patched," Oliver Friedrichs, Symantec Security Response director, said
in a statement.

Microsoft also issued a Windows update for what it described as
critical flaws in Adobe's Macromedia Flash Player 5 and 6. An attacker
could exploit these vulnerabilities in the Flash Player by
constructing a malicious Flash animation file. Users visiting a Web
site containing the specially crafted file may find their computer
system taken over.

The Flash Player flaws affect Windows XP Home Edition, with SP 1 or SP
2; XP Professional; Windows 98 with Gold service pack or SP1; Windows
98 SE with Gold service pack; and Windows ME with Gold service pack.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Windows, Exchange flaws patched, InfoSec News <=
Previous by Date:  [ISN] Utility may face investigation for sale of unscrubbed drives, InfoSec News
Next by Date:  [ISN] Call for Papers hack.lu 2006, InfoSec News
Previous by Thread:  [ISN] Utility may face investigation for sale of unscrubbed drives, InfoSec News
Next by Thread:  [ISN] Call for Papers hack.lu 2006, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]