Tip

Microsoft security bulletins for May

The second Tuesday, affectionately known as 'Patch Tuesday' by Microsoft Windows administrators, has come and gone. For the month of May, Microsoft released a total of three new Security Bulletins. Two of them, MS06-019 and MS06-020 are rated as 'Critical' by Microsoft, while MS06-018 is considered to be only a 'Moderate' risk.

  • MS06-018 (Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service): Two vulnerabilities exist in the Microsoft Distributed Transaction Coordinator (MSDTC) programming. If an attacker exploits either of these vulnerabilities, a DoS (denial of service) condition could be created and the system may stop accepting requests.

    Microsoft lists the affected systems as Windows 2000 SP4, Windows XP SP1 and SP2, Windows Server 2003 and Windows Server 2003 for Itanium.

  • MS06-019 (Vulnerability in Microsoft Exchange Could Allow Remote Code Execution): This Security Bulletin pertains to a flaw in Microsoft Exchange Server related to the way vCal or iCal calendar messages are processed. The vulnerability could be exploited by a remote attacker. A successful exploit could lead to execution of code on the server, or it could possible take complete control of the target Exchange Server system.

    Applying this patch is considered 'Critical' according to Microsoft, but the flaw only affects Exchange Server 2000 and Exchange Server 2003 systems.

  • MS06-020 (Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution): The patch referenced by this Security Bulletin resolves two different vulnerabilities in the Macromedia Flash Player utility. Both vulnerabilities could allow an attacker, using a malicious Flash animation file (SWF) to execute code on the target system with the same rights and privileges as the logged in user. If the user has Administrator privileges, the attacker could gain complete control of the vulnerable system.

    Microsoft only lists Windows 9x and Windows XP SP1 and SP2 systems as affected, but that is because they are the only versions that ship with the Macromedia Flash Player installed by default. Any version of Windows that has the Macromedia Flash Player installed is potentially vulnerable. For more details, you can check out the Adobe bulletin ASPB06-03.

Some security experts expected Microsoft to also include a new Internet Explorer patch. Microsoft just released a cumulative patch last month for the Web browser, but new vulnerabilities have since been exposed, some of which can be used to take control of a vulnerable remote system and at least one of which is rumored to have working exploit code published.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit S3KUR3.com.


This was first published in May 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.