Microsoft plans critical patches for IE and Exchange

Microsoft Corporation states that they would soon deliver 4 security updates wherein 2 of them are specifically critical and would finally subject a patch to the SQL Server on which they were working. These four updates are specified in the advance notice that will overturn bugs in Internet Explorer 7, Visio application which is part of Office Lineup, the exchange mail server software and the SQL Server. The Exchange vulnerabilities and IE are marked critical as the highest risk ranking of the company while the Visio bugs and SQL Server are labeled important, a step lower.The SQL Server updates would repair the vulnerability which was acknowledged by Microsoft during December 2008. The director of security operations in nCircle Network Security, Andrew Storms said that there is a lineup created between the optional with affected editions of SQL Server. Additionally this bug is also prominent for a number of reasons. After Microsoft had confirmed about the vulnerability, the advisory noted that the exploit code was published. However after several days the company also acknowledged that they had first received the report about bugs from Bernhard Mueller the SEC Consult Security in Vienna based security based company. Mueller had disclosed about this bug early in December 2008 after there was not word from Microsoft and he said that the company failed to reply several messages during the 2 months before when he had asked about the updates on patch’s progress.

Most of the security analysts were expecting Microsoft to act fast. Wolfgang Kandek the chief technology officer of Qualys Security Company, for instance, during late December foreseen that Microsoft would update a fix “out of band” (a term that were when patches issued outside normal monthly schedule of Microsoft). Storms said about the SQL Server and IE Exchange patches that three of them are evenly important at least by the information they have as it is all dependent on the infrastructure of an enterprise.

He continued that companies are always responsive when exchanging fixes and so the serious fix that is set for Exchange Server 2007, 2003 and 2000 would be analyzed carefully. He said that messaging is also very important to enterprises and so they will also spend time in making sure that the patches work fine. The plus point is that he said, the does not needs to be restarted a note in Microsoft’s bulletin. Storms said that it might mean it is not essentially a huge hold or that they would just get lucky as they will not need to restart the Exchange servers and the IT administrators will be able to organize the patch even quicker. The Internet Explorer vulnerability should be something exclusive to IE7 he said. However according to Microsoft this Critical vulnerability would affect only that particular version of browser and not IE5.01 or IE6 as the latter editions which are just for Windows 2000 and also the oldest browser which Microsoft even today supports with their security updates.

Comments are closed.