Four security updates due from Microsoft next week
Microsoft plans to patch critical flaws in its Internet Explorer and Microsoft Exchange Server software next week.
In total, the company will issue four security updates, including two critical fixes as well as patches for Microsoft SQL Server and its Microsoft Office Visio, the company said in a note published on its Web site Thursday. Although hackers could theoretically exploit bugs in all of these products to run unauthorized software, Microsoft rates the SQL Server and Office flaws as less severe.
The SQL Server flaw may be a known issue that Microsoft acknowledged late last year. Security experts had been expecting Microsoft to patch this flaw in February. According to the researcher who disclosed the SQL issue, Microsoft has known about it since April and wrote its initial patch for the bug back in September.
It often takes Microsoft months, however, to run security fixes through its testing and quality assurance process.
It seems likely that Microsoft will finally patch the SQL issue, according to Andrew Storms, director of security operations with security vendor nCircle. That's because the list of affected software in the SQL patch is the same as the platforms Microsoft listed in its December alert on the SQL patch, he said.
Microsoft has also acknowledged an issue in its WordPad Text Converter, although that does not appear to be on the slate for next week.
Microsoft hasn't released a lot of patches in 2009. Last month it released just one update, a fix for a critical bug in the Windows Server Message Block (SMB) file and print service.
The February updates are due next Tuesday, Microsoft's regularly scheduled date for delivering its monthly security patches.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
microsoft patches
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
