Fixlet Site - EnterpriseSecurity
Current Version: 1140	Published: Thu, 12 Feb 2009 01:03:25  GMT

New Fixlets:
============

***************************************************************
Title: MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution - Exchange Server 2007 SP1
Severity: Critical
Fixlet ID: 900305
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx

Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: Microsoft does not support the x86 version of Exchange Server 2007 SP1 for production use. Please take extra care to qualify your installation before deploying this Fixlet message.

***************************************************************
Title: MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution - Exchange Server 2007 SP1 - CORRUPT PATCH
Severity: Critical
Fixlet ID: 900306
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx