Subsequent to Microsoft issuing information on seven new critical security bulletins, Symantec evaluates two of the most critical issues.

Vulnerability in Microsoft Exchange

Symantec Security Response rates the vulnerability in Microsoft Exchange as one of the more critical issues this month.  This remote code execution vulnerability affects the MIME (Multipurpose Internet Mail Extensions) decoding mechanism of Microsoft Exchange Server 2000/2003/2007. Specifically, this issue can be triggered by a malformed base64-encoded attachment.

Vulnerabilities in Windows Internet Explorer

Microsoft issued a security bulletin that included five vulnerabilities (four critical and one important) in Internet Explorer. The Property Type Memory Corruption Vulnerability and HTML Objects Memory Corruption Vulnerability are client-side code execution vulnerabilities affecting Internet Explorer 6.0, 7.0 and Internet Explorer 7.0, respectively, and both affect Internet Explorer 7.0 on Vista. 

Symantec recommends the following actions for IT administrators:

•    Evaluate the possible impact of these vulnerabilities to critical systems.
•    Plan for required responses including patch deployment and implementation of security best practices using the appropriate security and availability solutions.
•    Verify that appropriate data backup processes and safeguards are in place and effective.
•    Remind users to exercise caution in opening all unknown or unexpected e-mail attachments and in following Web links from unknown or unverified sources.

Symantec recommends the following actions for consumers:

•    Regularly run Windows Update and install the latest security patches to keep software up to date.
•    Avoid opening unknown or unexpected e-mail attachments or following Web links from unknown or unverified sources.
•    Use an Internet security solution such as Norton Internet Security 2007 to protect against today’s known threats and tomorrow’s Internet security risks.