Two critical MS patches
by Ivana Strahija on May 10th, 2006 The regular Microsoft patch Tuesday brought three patches, two of which are critical. The vulnerabilities allow remote code execution, so don’t forget to patch up.
The most serious of the threesome is the bug in Microsoft Exchange and its calendar function: -An attacker could exploit the vulnerability by constructing a specially crafted message that could potentially allow remote code execution when an Exchange Server processes an email with certain vCal or iCal properties, says the Microsoft vuknerability advisory.
The second flaw addressed in the Tuesday patch bundle is in fact one that has been already long patched: Adobe Macromedia Flash Player had a problem with handling of SWF files. Maliciously crafted SWF's could lead to remote code execution. Only users of versions 6 and prior need this update.
The last piece of the bundle is a moderate vulnerability in Microsoft Distributed Transaction Coordinator which would allow a malicious attacker DoS the infected system.