Microsoft Issues New Batch Of Security Updates

The bulletins cover flaws found in ISA Server 2000, Exchange Server 2003, and Windows.

George V. Hulme, Contributor

January 13, 2004


Microsoft on Tuesday released three security bulletins to address flaws discovered in ISA Server 2000, Exchange Server 2003, and Windows. The most severe flaw, rated as critical by Microsoft, is in ISA Server 2000.

The Microsoft Internet Security and Acceleration Server 2000 flaw, detailed in bulletin MS04-001, is located in the application's H.323 filter; if left unpatched, it could place the app at risk for a buffer-overflow attack against its firewall. If successful, the attacker could gain complete control over the system, Microsoft warns in its bulletin. The H.323 filter is turned on by default on servers running ISA Server 2000 in firewall or integrated mode.

The second flaw, detailed in bulletin MS04-002, is rated moderate by Microsoft. The flaw appears difficult to exploit, but would let attackers access certain E-mail boxes of customers using Exchange 2003 front-end server and Outlook Web Access. Microsoft says the flaw causes "random and unreliable" access to mailboxes that have been recently accessed via Outlook Web Access.

The third vulnerability affects Microsoft Data Access Components, a collection of components that provide database connectivity on systems running the Windows operating system. As detailed in bulletin MS04-00, the flaw has been found in MDAC versions 2.5, 2.6, 2.7, and 2.8, which are included with Windows 2000, SQL Server 2000, Windows XP, and Windows Server 2003, respectively. This flaw could allow the compromise of these systems and let an attacker run malicious code on an at-risk system.

Microsoft urges its customers to update their systems quickly.

About the Author

George V. Hulme

Contributor

An award-winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
