Last week, Microsoft released its monthly security update cycle, which contained six security updates and one re-release. Nothing new so far, except that one of those six security updates has been labeled CRITICAL by Microsoft and affects all Windows versions from Windows 2000 up to Vista.
It's Outlook Express that got fried.
That one "has the potential to be the worst of the batch because these applications come packaged with nearly every release of the Windows operating system," said Ben Greenbaum, a senior research manager with Symantec Security Response, in a statement e-mailed by the company.
To illustrate the point, here's the list of affected Windows versions:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Packs 1 and 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 or SP2 for Itanium-based Systems
Windows Vista
Windows Vista x64 Edition
This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
This is a critical security update for all supported versions of Microsoft Outlook Express and Microsoft Windows Mail.