MS Critical Patch Fixes 8 Vulnerabilities

Posted by CmdrTaco on Wednesday February 11, 2009 @04:39AM from the your-server-is-sick dept.

nandemoari writes "A hole allowing hackers to take control of Microsoft Exchange was just one 'critical' issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer browser, Office, and its SQL Server. Three of the eight vulnerabilities patched yesterday were marked 'critical.' The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be exploited when a user opens or previews an email in the Transport Neutral Encapsulation Format (TNEF)."

2 of 202 comments (clear)

Min score:

Reason:

Sort:

Re:I love the small of hot-fix patches in the morn by Anonymous Coward · 2009-02-11 05:00 · Score: 0, Flamebait

OH Heavens! A local vulnerability which could leave to privilege escalation!
The exchange bugs in question were remote hole mr troll.
Re:Doesn't Sound so Bad by subsoniq · 2009-02-11 09:17 · Score: 0, Flamebait

it isn't a pain in the ass if you actually have a *clue* to what you are doing, and as for scaling, we run 3000 users per exchange mailbox cluster, and we expect to be able to get well over twice that when we go to Exchange 2007.