Microsoft releases monthly security updates
Microsoft released software security patches Tuesday, fixing some nasty browser and mail server flaws as well as a bug in SQL Server that was publicly disclosed in December.
The company released four updates, including critical fixes for Exchange and Internet Explorer. Two other updates, for SQL Server and Visio, were rated "important," meaning it would be a little harder for hackers to exploit the bugs they fix.
The Exchange patch is considered the most important, according to security vendor TippingPoint. Without the patch, hackers could shut down or possibly even take control of an Exchange e-mail server by sending a specially written e-mail attachment. "A compromised e-mail server, in addition to snooping corporate secrets, can be used as a launch pad for attacks against other servers in the enterprise," TippingPoint said in a statement.
The critical update for Internet Explorer fixes two vulnerabilities in the browser that could be exploited by hackers to run unauthorized software on a victim's computer. For this attack to work, the victim would have to be tricked into visiting a maliciously crafted Web page. Although no attacks have yet been reported exploiting these bugs, Microsoft believes that now that the patches are out, it will be easy for attackers to work up a reliable attack.
The SQL Server patch had been expected. It fixes a bug in the database software that Microsoft acknowledged late last year. According to the researcher who disclosed the SQL issue, Microsoft has known about it since April and wrote its initial patch for the bug back in September.
In all, the updates released this month are "much more critical" than January's patches, TippingPoint said. Last month, Microsoft released just one update, for its Windows Server Message Block file and print service.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
