Microsoft releases monthly security updates
Microsoft released software security patches Tuesday, fixing some nasty browser and mail server flaws as well as a bug in SQL Server that was publicly disclosed in December.
The company released four updates, including critical fixes for Exchange and Internet Explorer. Two other updates, for SQL Server and Visio, were rated "important," meaning it would be a little harder for hackers to exploit the bugs they fix.
The Exchange patch is considered the most important, according to security vendor TippingPoint. Without the patch, hackers could shut down or possibly even take control of an Exchange e-mail server by sending a specially written e-mail attachment. "A compromised e-mail server, in addition to snooping corporate secrets, can be used as a launch pad for attacks against other servers in the enterprise," TippingPoint said in a statement.
The critical update for Internet Explorer fixes two vulnerabilities in the browser that could be exploited by hackers to run unauthorized software on a victim's computer. For this attack to work, the victim would have to be tricked into visiting a maliciously crafted Web page. Although no attacks have yet been reported exploiting these bugs, Microsoft believes that now that the patches are out, it will be easy for attackers to work up a reliable attack.
The SQL Server patch had been expected. It fixes a bug in the database software that Microsoft acknowledged late last year. According to the researcher who disclosed the SQL issue, Microsoft has known about it since April and wrote its initial patch for the bug back in September.
In all, the updates released this month are "much more critical" than January's patches, TippingPoint said. Last month, Microsoft released just one update, for its Windows Server Message Block file and print service.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
