Risk: High
Microsoft's May bulletin addressed three vulnerabilities and an addition issued a week later addressed the Word exploit recently discovered. Exploitation of both critical flaws could result in remote code execution and were found in Microsoft Exchange and Flash Player. The vulnerability found in Microsoft Exchange could be exploited by an attacker sending a specially crafted message with certain vCal or iCal properties that is processed by Exchange Server. The flaw present in Flash Player only exists in version 6 and earlier, and exists due to the way that the program handles Flash Animation (SWF) files. Remote code execution could occur if an email attachment or website is viewed containing a malicious SWF file, which would enable an attacker to gain complete system access.
The moderate level flaw enables an attacker to launch a Denial of Service attack by attaching a specially crafted network message, which could force the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding. Although the attacker would not be able to elevate user privileges or execute code, it could cause the affected system to stop accepting requests.
After Microsoft's monthly advisory was issued, a new Word flaw came to light. Zero-day attacks have been launched to attempt to exploit the flaw and install a Trojan on an affected PC. In order for the Trojan to be installed, the user must open a maliciously-constructed Word document that contains BackDoor-CKB!cfaae1e6, permitting full remote access. The unpatched Word flaw exists in XP and 2003 and has originated from Asia. Microsoft is working on patching the flaw, but an update may not be available until the next scheduled Microsoft advisory is issued, which is due to be on 13th June.
Microsoft users are strongly recommended to download updates from Microsoft at http://www.microsoft.com/technet/security/bulletin/ms06-may.mspx