Home / bulletins MS09-003 - Critical: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) - Version:3.0
Posted on 01 August 2009
CriticalSeverity Rating: Critical - Revision Note: V3.0 (May 26, 2009): Added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to announce a detection change to the update for Microsoft Exchange Server 2003 Service Pack 2 (KB959897). This is a detection change only. There were no changes to the security update files in this bulletin. Customers who have already installed the KB959897 update successfully do not need to reinstall.Summary: This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
Other versions
- MS09-003 - Version: 1.0
- MS09-003 - Version: 2.0
- MS09-003 - Version: 2.1
- MS09-003 - Version: 3.0
- MS09-003 - Version: 3.0
