May 9, 2006
Start Your Patching Engines – May Patch Roundup
As we previously mentioned, there are two Windows patches and one for Exchange. Let’s start with the Windows ones:
- Denial of Service Vulnerability in Distributed Transaction Coordinator
  - 2 vulnerabilities fixed with one patch
  - Remotely exploitable
  - Affected: XP SP1&2, 2000, 2003
  - Non-Affected: 2003 SP1, 98, ME
- Vulnerabilities in Flash Player Could Allow Remote Code Execution
  - Announced by MS because they have bundled Flash Player since Windows 98.
  - 2 vulnerabilities in one patch
  - Exploitable by visiting a malicious website, or (rarely) by opening an email.
  - Definitely Affected: XP SP1&2, 98, ME
  - Maybe Affected: Anything else you installed Flash on.
The Exchange one is the most tricky and scary:
- Vulnerability in Exchange Could Allow Remote Code Execution
  - Exploited by sending a malicious cal or iCal message through an Exchange server.
  - Breaks BlackBerry Enterprise Server and GoodLink functionality (via SANS ISC), but it’s fixable.
  - No workarounds.
  - Affected: Exchange Server 2000, Server 2003 SP1&2
Have fun with this one.
Official Patch Summary [Microsoft]