As part of its monthly security-bulletin update, Microsoft released on Tuesday three new security updates.
One bulletin pertains to a breach in Microsofts Internet Security and Acceleration Server 2000 that could allow an attacker to run arbitrary code on a users system. Specifically, the ISA vulnerability is triggered by a filter in the Microsoft Firewall Service that does not perform proper boundary checks.
Microsoft characterized this update as “critical.” The ISA 2000 patch is available for download here.
A second security bulletin covers a hole in Exchange Server 2003 where an Outlook Web Access user could randomly access another users mailbox. To remedy the problem, Microsoft is telling users to install an update on all their front-end Microsoft Exchange 2003 servers.
Microsoft deemed this update “moderate” in importance. The Exchange 2003 Security Update is available here.
The third bulletin relates to a Windows breach that allows code to be run arbitrarily on a users system. The company said the vulnerability revolves around a collection of components, called Microsoft Data Access components, that provide database connectivity on various Windows releases, including Windows 2000, Windows XP, Windows Server 2003.
Microsoft characterized this update as “important.” More information about the Microsoft Data Access components is available here.
Finally, Microsoft also reissued Bulletin MS03-045, designed to correct a flaw in the Thai, Hebrew and Arabic versions of nearly all versions of Windows, involving a buffer overrun problem. Microsoft issued the original bulletin in October.
The company marked this patch as an “important” update. The Buffer Overrun Update is available here.
Also on Tuesday, the company released to its Windows Update site a new worm removal tool aimed primarily at home users to help them remove lurking Blaster and Nachi worms from their Windows 2000 and Windows XP systems. Microsoft released this tool to its Download Center last week.
Microsoft makes all its security bulletins available on its Microsoft Security site. The company said it has scheduled several Webcasts over the next couple of weeks to provide particulars about its latest security bulletins.