The second Tuesday, affectionately known as 'Patch Tuesday' by Microsoft Windows administrators, has come and gone. For the month of May, Microsoft released a total of three new Security Bulletins. Two of them, MS06-019 and MS06-020 are rated as 'Critical' by Microsoft, while MS06-018 is considered to be only a 'Moderate' risk.
- MS06-018 (Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service): Two vulnerabilities exist in the Microsoft Distributed Transaction Coordinator (MSDTC) programming. If an attacker exploits either of these vulnerabilities, a DoS (denial of service) condition could be created and the system may stop accepting requests.
Microsoft lists the affected systems as Windows 2000 SP4, Windows XP SP1 and SP2, Windows Server 2003 and Windows Server 2003 for Itanium.
- MS06-019 (Vulnerability in Microsoft Exchange Could Allow Remote Code Execution): This Security Bulletin pertains to a flaw in Microsoft Exchange Server related to the way vCal or iCal calendar messages are processed. The vulnerability could be exploited by a remote attacker. A successful exploit could lead to execution of code on the server, or it could possible take complete control of the target Exchange Server system.
Applying this patch is considered 'Critical' according to Microsoft, but the flaw only affects Exchange Server 2000 and Exchange Server 2003 systems.
- MS06-020 (Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution): The patch referenced by this Security Bulletin resolves two different vulnerabilities in the Macromedia Flash Player utility. Both vulnerabilities could allow an attacker, using a malicious Flash animation file (SWF) to execute code on the target system with the same rights and privileges as the logged in user. If the user has Administrator privileges, the attacker could gain complete control of the vulnerable system.
Microsoft only lists Windows 9x and Windows XP SP1 and SP2 systems as affected, but that is because they are the only versions that ship with the Macromedia Flash Player installed by default. Any version of Windows that has the Macromedia Flash Player installed is potentially vulnerable. For more details, you can check out the Adobe bulletin ASPB06-03.
Some security experts expected Microsoft to also include a new Internet Explorer patch. Microsoft just released a cumulative patch last month for the Web browser, but new vulnerabilities have since been exposed, some of which can be used to take control of a vulnerable remote system and at least one of which is rumored to have working exploit code published.
About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit S3KUR3.com.
This was first published in May 2006