Home / bulletins MS09-003 - Critical: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) - Version:2.0
Posted on 17 February 2009
There is an newer version: MS09-003 - Version: 3.0
CriticalSeverity Rating: Critical - Revision Note: V2.0 (February 16, 2009): Added the Microsoft Exchange Server MAPI Client as affected software. Also, added several entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, relating to updating the MAPI Client and the Exchange System Management tools. No other update packages are affected by this re-release. Customers running all other supported and affected versions of Microsoft Exchange Server who have already successfully applied the original security update packages do not need to take any further action.Summary: This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
Other versions
- MS09-003 - Version: 1.0
- MS09-003 - Version: 2.0
- MS09-003 - Version: 2.1
- MS09-003 - Version: 3.0
- MS09-003 - Version: 3.0
