Microsoft has released a patch that fixes three unrelated flaws affecting its Internet Security and Acceleration (ISA) Server, part of the .Net Enterprise Server line.
The ISA Server, which provides networks with firewall protection from unauthorised access and external hacking attacks, also notifies network administrators of any suspicious activity.
Specifically, the patch addresses vulnerabilities in the ISA Server's Voice over IP (VoIP) capabilities, its Proxy service and error page generation.
The first flaw concerns a memory leak in the H.323 Gatekeeper service which allows VoIP traffic through a firewall. The second flaw, which can lead to denial of service attacks, is also a memory leak and could cause the server to slow down.
Microsoft said the problem in the software's Proxy service is made less serious because only an internal user can exploit it.
The third involves the way the ISA Server handles error messages about irretrievable web pages that could allow an attacker to gain access to cookies on both the server and user machines and to execute code.
The patch can be downloaded from Microsoft's website here.
Separately, the Redmond giant has released a patch to fix a flaw in an ActiveX control that could allow attackers to run destructive code on a user's computer.
The company had advised users on 12 July to disable ActiveX controls until the patch was made available. The defect was found in the Microsoft Outlook View Control that is installed with Outlook 98, 2000 and 2002.
Dark matter holds the Universe together - and gravitational waves could help identify it
Addison Lee is working on autonomous taxis for commuting and pleasure
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older