Microsoft to offer four patches next week

gallery

Microsoft has revealed it plans to address critical flaws in its Internet Explorer (IE) and Exchange Server software next week.

While exact details of the flaws will not be known until the software firm releases its monthly security bulletin for February next Tuesday, four updates are planned for release, including the two given its highest security rating of ‘critical’.

The bulletin preview, published on the vendor’s TechNet security website late yesterday, also included two, less severe updates – rated ‘important’ – for Microsoft SQL Server and its Office Visio technical drawing application.

The important updates have not been given as high a severity rating as those for the IE and Exchange products, even though Microsoft said all the related flaws could be exploited remotely and used to run unauthorised software.

Despite its less severe rating, the SQL update may tackle a flaw that hit the headlines late last year. The software giant issued an initial patch for it in September after a researcher claimed to have highlighted the issue in April.

Security experts have speculated that it is the same flaw because the affected software list for next Tuesday’s SQL update matches those products listed in Microsoft’s alert on the SQL flaw, issued last December.

Graham Cluley, senior technology consultant at security vendor Sophos, told IT PRO there was no way of knowing now whether the SQL update would patch December’s alert. “But all the indications are that it will,” he said.

“Fingers crossed though, it is going to be that flaw,” he added. “But the most important message is that anytime Microsoft issues a critical patch, enterprises should prioritise applying it.”

Microsoft will replace its preview with the full security bulletin late on 10 February 2009.

Email to a friend

Print this page