Microsoft Releases February Bulletin, With Two Patches Labeled ‘Critical’
On February 10, 2009, Microsoft issued four fresh security updates that specifically address eight flaws. The updates reportedly include patches for critical flaws in Internet Explorer and Exchange that could enable malicious attackers to hack into users' computers remotely.
Of the security bulletins released in Microsoft's monthly Patch Tuesday, two were considered critical. The first one, MS09-002, fixes a vulnerability in Microsoft Exchange Server that is regarded as the most serious, since a user who opens an e-mail containing a malicious attachment could cause malicious software to run on the server.
Ben Greenbaum, Senior Research Manager at Symantec Security Response, says that the Exchange Server attack could lead to the installation and execution of malicious code supplied by the attacker, thus giving him total control over the server that hosts the e-mail, as reported by CIO-Today on February 11, 2009.
Moreover, according to Andrew Storms, Director of security operations at nCircle, all sorts of extremely proprietary and sensitive information get transmitted via an Exchange Server daily. Therefore, acquiring control over that server along with its content could prove highly profitable to any cyber-crook, as reported by CIO-Today.
However, according to security specialists, the patch applies only to the latest editions of Exchange Server. This implies that any organization that is behind on updates and wants to adopt the patch would first have to carry out an elaborate installation, along with a similarly elaborate testing procedure, to bring the server up to the existing code level.
Meanwhile, Microsoft's second critical bulletin, MS09-003, is aimed at another flaw in Exchange Server that could let hackers mount a denial-of-service attack on the user's computer, leading to the total shutdown of the system.
One additional fix, which Microsoft described as 'important,' addresses three flaws in Microsoft Office Visio that could allow hackers to execute their code remotely, provided the user opens a maliciously designed Visio file.
Finally, the last and equally 'important' patch in the package fixes a flaw in SQL Server that could otherwise allow remote code execution, provided the hackers are able to access the vulnerable system or the computer has been attacked with an SQL injection.
SPAMfighter News - 25-02-2009