c|Net carries thison three flaws Microsoft is documenting and patching:
- An ISA 2000 flaw in their ITU H.323 protocol is a danger for ISA and Small Business Server users,
- An MDAC flaw in Windows 2000 and XP is rated as “important” but not critical, explains the article, because the complex attack would require “successfully disguising the attacking computer as an SQL server” – anyone remember SQL Slammer? Hmmm.
- The last vulnerability is yet another exploit of Outlook Web Access to an Exchange 2003 server. When is Microsoft going to realize the OWA is a constant source of problems and scrap the thing?
You can find details and links to the patches at http://www.microsoft.com/security/
I report from the article, as I haven’t seen these in my inbox yet, although I was signed up for Microsoft security bulletins and I certainly got a lot of them last year. A link off the security site leads to this announcement which may mean they are no longer issuing the bulletins as MS04-01, MS04-02 and MS04-03 as they would have in previous years. It’s the third week of 2004.