Two critical Microsoft security patches released

Microsoft released its May 2006 security bulletin, which includes three updates: two critical, and one moderate. All versions of Windows are affected by at least one of the critical update bulletins. This monthly update covers only Windows updates. None of the updates this month are specific to Microsoft Office. One bulletin includes updates to software not created by Microsoft but distributed within various versions of Windows. All the Microsoft security patches are available via Microsoft Update or via the individual bulletins detailed below.

MS06-018: Moderate

Entitled "Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service," this advisory affects Windows 2000 SP4, Windows XP (SP1 and SP2) and Windows 2003 Server. It does not affect Windows XP x64 edition, nor Windows versions Me, 98 SE, or 98. Exploitation of this flaw could allow a denial-of-service attack on a vulnerable PC.

MS06-019: Critical

Entitled "Vulnerability in Microsoft Exchange Could Allow Remote Code Execution," this bulletin affects Microsoft Exchange Server 2000 and 2003. This update will change some of the permissions allowed within Microsoft Exchange Server by limiting users who send "on behalf of" another user. Exploitation of this flaw could allow a remote attacker to run malicious code on a vulnerable PC.

MS06-020: Critical

Entitled "Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution," this bulletin affects all versions of Windows except Windows 2000 and Windows 2003 Server. Although Flash is a software product created by Adobe, versions of Flash have been distributed within versions of Windows 98, 98 SE, Me, and XP. If you are running Flash version 4.0.28, 5.0.44, or 6.0.79, you need to update with this patch. Adobe has an additional details in its own security bulletin. Exploitation of this flaw could allow a remote attacker to run malicious code on a vulnerable PC.