October 16, 2003 — (WEB HOST INDUSTRY REVIEW) — Microsoft (microsoft.com) warned users on Wednesday of seven new security vulnerabilities affecting its Windows and Exchange systems. Five of the vulnerabilities are considered “critical,” with four affecting Windows and one affecting Exchange.
r
r
According to Microsoft Security Bulletin MS03-041, a vulnerability in authentication verification could allow remote code execution. This vulnerability is rated critical and affects Windows NT, 2000, XP and the recently released Windows Server 2003. Security Bulletin MS03-043 warns of a buffer overrun in the messenger service that could also allow a remote code execution. The vulnerability is also rated critical and affects the same systems as in Security Bulletin MS03-042.
r
r
Security Bulletin MS03-046 warns of a flaw in Microsoft Exchange Server 5.5. Also rated critical, the vulnerability could allow arbitrary code execution. The flaw also affects the Windows Server 2000 platform.
r
r
The critical vulnerabilities affecting Windows Server 2003 follow the first security vulnerability rated “critical” discovered in July.
