January 14, 2004

Information Week: Microsoft Issues New Batch Of Security Updates

My spin: You can go insane keeping up with the security of your corporate infrastructure. But, I'd highly suggest that you keep up with the critical security updates that Microsoft releases for its products. These updates can better protect your IT environment for various security holes.

Microsoft on Tuesday released three security bulletins to secure flaws discovered in ISA Server 2000, Exchange Server 2003, and Windows. The most severe flaw, rated as critical by Microsoft, is in ISA Server 2000.
The Microsoft Internet Security and Acceleration Server 2000 flaw, detailed in bulletin MS04-001, is located in the application's H.323 filter; if left unpatched, it could place the app at risk for a buffer-overflow attack against its firewall. If successful, the attacker could gain complete control over the system, Microsoft warns in its bulletin. The H.323 filter is turned on by default on servers running ISA Server 2000 in firewall or integrated mode.

The second flaw, detailed in bulletin MS04-002, is rated moderate by Microsoft. The flaw appears difficult to exploit, but would let attackers access certain E-mail boxes of customers using Exchange 2003 front-end server and Outlook Web Access. Microsoft says the flaw causes "random and unreliable" access to mailboxes that have been recently accessed via Outlook Web Access. (full story)

0 comments