Microsoft released three patches -- two deemed critical -- covering vulnerabilities in Microsoft Exchange, Flash and Windows.
Topping the list of security bulletins released as part of the software giant's monthly "patch Tuesday" was a vulnerability in Microsoft Exchange Server.
The MS06-019 patch focuses on what Amol Sarwate, vulnerability manager for managed security firm Qualys, called an "old-school vulnerability," able to skim e-mail addresses and propagate a worm.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iThe vulnerability could give attackers complete control of systems using Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup and Microsoft Exchange Server 2003 with Service Pack 1 and 2.
The Exchange Server vulnerability marks a shift from attacking client applications, such as IE or Outlook, that require interaction by users to flaws based in servers.
Targeting Exchange is especially worrisome because it is always up, always online and capable of spreading an attack.
The Exchange Server security breach centers on vCal or iCal calendar properties.