Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Critical Patch Fixes 8 Vulnerabilities

Posted by CmdrTaco on from the your-server-is-sick dept.

nandemoari writes "A hole allowing hackers to take control of Microsoft Exchange was just one 'critical' issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer browser, Office, and its SQL Server. Three of the eight vulnerabilities patched yesterday were marked 'critical.' The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be exploited when a user opens or previews an email in the Transport Neutral Encapsulation Format (TNEF)."

3 of 202 comments (clear)

  1. Is it that easy? by UnknowingFool · · Score: 4, Interesting

    I don't know anything about Exchange but you mean to tell me that someone sending an email to an Exchange server can allow it to take over the server? It's one thing for hackers to rely on social networking and fool a user into executing an attachment. It's another thing to be able to takeover simply by sending a message.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
    1. Re:Is it that easy? by Just+Some+Guy · · Score: 4, Interesting

      yeah but qmail hasn't :p

      Of course, it has about 5% of the features of Exchange or Postfix or Exim or Sendmail or...

      --
      Dewey, what part of this looks like authorities should be involved?
  2. We installed it ... by humph2 · · Score: 3, Interesting

    ... and Exchange 2003 stopped delivering messages to mailboxes.

    Rolled it back, and everything worked fine ^H^H^H^H just as it used to.

    I may be missing the point of these "fixes", but surely "security updates" should actually be tested at some stage?