Microsoft's critical patches for servers and desktops

Stephen Withers
Wednesday, 11 February 2009 01:45

IT Industry - Market

This month's security bulletins from Microsoft are evenly balanced between servers and desktops. There are two critical and two important bulletins.

Microsoft routinely issues security bulletins on the second Tuesday of the month. After a quiet start to the year with a solitary bulletin in January, February's Patch Tuesday brings a more typical load for system administrators.

The first critical bulletin addresses a pair of privately reported vulnerabilities in Internet Explorer. Maliciously crafted pages could trigger remote code execution, and Microsoft has warned that exploits are easily constructed.

These issues affect Internet Explorer 7 on XP, Vista, Server 2003 and Server 2008, though it is only regarded as moderate on the server operating systems

February's other critical bulletin concerns Exchange, and again involves two privately reported vulnerabilities.

One involves sending a maliciously crafted TNEF message to Exchange to take control of the server with the same privileges as the Exchange Server service account. The other describes how a maliciously crafted MAPI command can be sent to Exchange to cause various services to stop responding.

Affected are Exchange 2000, 2003 and 2007. The bulletin is rated critical for all three versions.

What other server product is vulnerable? See page 2.