Microsoft releases critical update for Exchange MAPI client

Microsoft yesterday re-released one of its critical Patch Tuesday updates to add the Microsoft Exchange Server MAPI Client as affected software. If you've already updated your Exchange server, you do not need to take further action to make your Exchange server safe, Microsoft says. However, the Microsoft Exchange Server MAPI Client contains the vulnerable code, the company says, and customers using it must update to version 6.5.8069 of the MAPI Client to protect themselves from this vulnerability.

MS09-003 resolves two vulnerabilities in Microsoft Exchange Server. According to Microsoft:

"The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding. This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server MAPI Client."

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers.bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

Sign up for the

Windows Mobile 6.5 - is it as cool as the iPhone?Microsoft puts $250K bounty on Conficker's headDoes Microsoft squander billions in R&D?Shareholder activist targets Microsoft Best Microsoft-related Tweets (and list of MS Tweeps)

Will Windows 7 upgrade strategy keep XP users away…no!

Follow Microsoft Subnet on Twitter
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.