Patch your Exchange Server ! – Critical Vulnerabilities Allow Remote Code Execution (959239)

February 12, 2009 By: Yann Espanet Category: Exchange 2007, KB articles

Microsoft has released a critical security update for all versions of Exchange to patch a two critical vulnerabilities :

  • The first vulnerability could allow remote code execution with a special TNEF message sent to Exchange Server. TNEF is another name for the Microsoft Outlook Rich Text Format, and an attacker who successfully exploited this vulnerability could take complete control of system with Exchange Server service account privileges.
  • The second vulnerability is a denial of service with a specially crafted MAPI command sent to Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007.

For more information :

Details on the Exchange exploit:…n/MS09-003.mspx

Download the patch :…&displaylang=en

 Exchange 2007 TNEF Conversion Options :

Comments are closed.