Microsoft recently announced fixes to address a critical security flaw that allows malicious web site to install Malware to an infected PC. The malware affects those Pc’s that are running Excahnge and SQL Server. Security Firm like Trend Micro further noticed renewed attack for the IE7 flaws that was fixed recently. Though the attack is smaller at this point of time, it many grow further down the road.
The infection starts with an e-mailed .doc file that, when opened, uses the loopholes of MS09-002 to download and install remote-control backdoor malware. It can construct a realistic spam message that may appear to come from a co-worker, for instance, and have a poisoned .doc or other file attached.
You can try your best to fix the problem by applying last week’s patch. It was distributed via Automatic Updates, so you can double-check that you got it by running Windows Update.Filed under Security | Tags: Exchange Server, Internet Explorer 7, Malware, Microsoft Patch, Security, SQL Server | Comment Below