All the latest UK technology news, reviews and analysis

Microsoft patches two critical flaws

by Matt Chapman

10 May 2006

Be the first to comment

  • Tweet this
Microsoft has released an update for Windows that fixes critical flaws in Exchange Server and Adobe's Macromedia Flash Player
Two security holes could be used by hackers to execute code remotely on a user's PC

Microsoft has released an update for Windows that fixes critical flaws in Exchange Server and Adobe's Macromedia Flash Player

Both of the security holes could be used by hackers to execute code remotely on a user's PC and take full control.

Further reading

"An attacker could then install programs, view, change or delete data, or create new accounts with full user rights," said the Microsoft statement accompanying the update.

Monty Ijzerman, senior manager of the Global Threat Group at McAfee's Avert Labs, said: "There are two items of note in this announcement by Microsoft. 

"The vulnerability in Exchange Server poses a serious concern as it does not require any user interaction to be exploited, making the vulnerability a worm candidate."

Ijzerman also said it was "interesting" that Microsoft had issued a patch for vulnerabilities that were previously patched by Adobe.

"This is the first time in recent memory that Microsoft has published a patch for third-party software," he explained.

"In this case, it is probably because the Macromedia patch was not widely deployed and Microsoft's updates will help ensure that its customers are protected."

Tuesday's update also fixes a denial of service vulnerability in Microsoft Distributed Transaction Coordinator (MSDTC).

The problem could be exploited to send a specially crafted network message to an affected system that would stop it responding. Microsoft rated the MSDTC update as 'moderate'.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

US President Barack Obama

US identified as Stuxnet perpetrator with Obama's backing

Related white papers

Related articles

Related jobs

Today's top stories

Olympics

Top 10 steps businesses can take to prepare for the Olympics

amazon-kindle-touch-e-book-reader

Amazon Kindle Touch review

London Underground train going into tunnel

Virgin reveals 82 London Underground stations to receive Wi-Fi

Poll

Flame virus poll

Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?

35%

0%

10%

55%

Features

V3's Madeline Bennett

It's time to change tax system to bring technology manufacturing back to the UK

The V3 hotseat

The V3 Hot Seat: Imperva CTO and co-founder Amichai Shulman

Flame in monitor screen

Quick guide to Flame malware attack

cookies

Quick guide to cookie law compliance

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Symanteccloud

Social networking: a guide for IT managers

Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them

Riverbed

Mitigating the risks of IT change

The importance of understanding your infrastructure

Technology jobs

IT Support Analyst - Active Directory, Windows 7, MS Office

IT Support Analyst - Active Directory, Windows 7, MS...

Helpdesk / Desktop Support Analyst (Windows 7, MAC, Windows Server 2008, LAN)

Helpdesk / Desktop Support Analyst (Windows 7, MAC, Windows...

Infrastructure / Server Support Analyst - 3rd Line, Windows 2008, Exchange 2010, VMware

Infrastructure / Server Support Analyst - 3rd Line, Windows...

Credit Risk Modeller, SAS, London, £50,000

Credit Risk Modeller, SAS, London, £50,000 Title- Credit...

To send to more than one email address, simply separate each address with a comma.