By Brian Prince
Microsoft's February Patch Tuesday release contains four security
bulletins. Two are rated critical, one affecting Internet Explorer and
the other Microsoft Exchange Server. The other security bulletins affect
editions of SQL Server and Microsoft Office Visio.
Microsoft issued four security bulletins for February's Patch Tuesday
release in order to plug a number of remote code execution
vulnerabilities in its products.
Two of the bulletins are rated "critical." Arguably the one with the
greatest impact is MS09-003, which addresses two bugs affecting
Microsoft Exchange Server. The first vulnerability could allow remote
code execution if a malicious TNEF (Transport Neutral Encapsulation
Format) message is sent to a Microsoft Exchange Server. The second
vulnerability could allow denial of service if a specially crafted MAPI
(Messaging API) command is sent to a Microsoft Exchange Server.
An attacker who successfully exploited the second vulnerability could
cause the Microsoft Exchange System Attendant service and other services
that use the EMSMDB32 provider to stop responding, according to
Best Selling Security Books & More!