Microsoft 10 Feb – patch tuesday
Hi all system admins…we again have some work to do : )
Microsoft released 4 patches this Tuesday. Details are as mentioned below.
|
Patch |
Description |
Rating |
Affected products |
|
Cumulative Security Update for Internet Explorer (961260). The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition. |
Critical |
IE 7 on Win XP,& Win Vista |
|
|
Moderate |
IE 7 on Win 2003 and Win 2008 |
||
|
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239). This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.The security update addresses the vulnerabilities by modifying the way Microsoft Exchange Server interprets TNEF messages and MAPI commands. |
Critical |
All supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007. |
|
|
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420). The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system.The security update addresses the vulnerability by validating input parameters passed to an extended stored procedure. |
Important |
All supported releases of SQL Server 2000, SQL Server 2005 Service Pack 2, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). |
|
|
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634). This vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.The security update addresses these vulnerabilities by modifying the way that Microsoft Office Visio performs validations when opening Visio files. |
Important |
Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, and Microsoft Office Visio 2007 Service Pack 1. |
So tech-guys, mark this up in your schedule and start the patch-work. : )
Similar Posts you might be interested in:
Vulnerability Assessment | w0lf | February 11, 2009
microsoft, ms09-002, ms09-003, ms09-004, ms09-005, patch tuesday, patches
