Wednesday, February 09, 2005
New security bulletin released
Yesterday, a series of new security bulletins were released. One in particular is of interest because it affects a broad range of products, including Exchange 2003 and Exchange 2003 SP1. It is also listed with a severity rating of critical. If you are running any of the products listed in the security bulletin, this patch is one that you ought to apply now.
Microsoft Security Bulletin MS05-012
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333).
David Lemson, who works on the Exchange team at Microsoft, writes the following, which should tell you that this is an important patch.
"Read this bulletin: http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
Install the patches. Get others to do the same. This is an important OS fix for Exchange systems."
I've been following Robert Hensing's Incident Response Blog http://blogs.msdn.com/robert_hensing/Rss.aspx and it sounds like the majority of cases that he and his team work on involve systems that were not patched. Don't become a statistic. Install this patch.