Microsoft Patches Critical Exchange, Flash Holes
A moderate DOS patch rounds out patch Tuesday.
Microsoft released three patches -- two deemed critical -- covering vulnerabilities in Microsoft Exchange, Flash and Windows.
Topping the list of security bulletins released as part of the software giant's monthly "patch Tuesday" was a vulnerability in Microsoft Exchange Server.
The MS06-019 patch focuses on what Amol Sarwate, vulnerability manager for managed security firm Qualys, called an "old-school vulnerability," able to skim e-mail addresses and propagate a worm.
The Exchange Server vulnerability marks a shift from attacking client applications, such as IE or Outlook, that require interaction by users to flaws based in servers.
Targeting Exchange is especially worrisome because it is always up, always online and capable of spreading an attack.
The Exchange Server security breach centers on vCal or iCal calendar properties.