Microsoft has released its May set of security patches, fixing critical bugs in Word, Excel, Windows, Office, Internet Explorer, Exchange and the CAPICOM cryptography technology used by BizTalk Server.
Microsoft rates all seven groups of the updates as critical, but security experts said that IT administrators should be particularly concerned with the MS07-026 and MS07-029 updates, which fix flaws in Exchange and the Windows DNS server. The Exchange update fixes previously undisclosed flaws in Microsoft"s messaging software that could be exploited to seize control of the server. Hackers could potentially install unauthorized software on the server simply by sending it a maliciously crafted e-mail message. Unlike the Exchange bugs, the flaw in Windows" DNS server flaw has been known for about a month and therefore attackers have already developed code that exploits the flaw. The problem affects Windows 2000 and Windows Server 2003 systems, which can be tricked into running unauthorized software when an attacker sends them maliciously encoded RPC packets to the DNS server.