Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

“This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server MAPI Client. For more information, see the subsection, Affected and Non-Affected Software, in this section.”

http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

image
Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP – Forefront Edge Security (ISA/TMG/IAG)

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top