Four 'important' Microsoft patches due Tuesday

Not rated "critical," fixes apply to "Elevation of Privileges" and "spoofing" bugs for Windows, Exchange, and SQL

By Robert McMillan, IDG News Service
July 03, 2008

Talkback

E-mail

Printer Friendly

Reprints

Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated "important."

The Exchange and SQL flaws are "Elevation of Privilege" bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a "spoofing" bug, meaning that it could help hackers trick the user into doing things like visiting malicious Web sites.

The fourth update fixes a Windows flaw that could allow an attacker to run unauthorized code on a victim's PC, Microsoft said. Normally, this type of flaw is rated "critical" by Microsoft, but in this case the bug was probably given a less-severe rating because it doesn't work without the user first taking some extra actions or adding special software or drivers, said Eric Schultze, chief technology officer at Shavlik Technologies.

This remote code execution flaw affects Windows Vista and Windows Server 2008.

The SQL vulnerability affects Microsoft's SQL Server software and the internal SQL software that ships with some versions of Windows. It does not affect Vista or XP users, but it does exist on the Windows 2000, Windows Server 2003 and Windows Server 2008 products.

Microsoft published a note on the upcoming security patches on its Web site on Thursday. Unless it is forced to rush out an emergency fix, the company releases its security patches on the second Tuesday of each month.

Microsoft also said Thursday that it is planning to upgrade the Windows Update software it uses to deliver bug-fixes to PC desktops.

The upgrade will speed up the software download process, said Windows Update Product Manager Michelle Haven in a blog posting. "We’ve invested heavily in reducing the amount of time it takes the Windows Update agent to scan to see if new updates are available," he wrote. "In this case, we’ve seen some instances of the scan times on some machines decreasing almost 20 percent."

Microsoft plans to make further changes to the Windows Update software and back-end infrastructure over the next few months, Haven said.

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

Answer key: The 2008 InfoWorld Geek IQ Test

IBM exec predicts the future of Linux, open source

Google Gadgets an open door for attack

Google Apps hit by prolonged Gmail access problem

>> Talkback: Have your say

Are you ready for event-driven business?
"Faster than a speeding bullet" doesn't just refer to superheroes anymore, it's the velocity your business needs to compete. In this webcast you will learn strategies you can implement today that will keep your systems ahead of the increased business velocity. Sponsor: Progress Sonic

» Click here to view this Webcast

The Path to Enterprise Security
This is your comprehensive guide to Enterprise Security. In it you'll find solutions to the most pressing security threats facing you and your company. Learn the latest on insider threats and how to effectively minimize risk within your organization. Sponsored by Nokia

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Green Initiatives: Lowering costs and increasing efficiency - Conserving energy, reducing floor space, and managing utility costs are becoming major priorities for IT organizations. ...
3PAR Takes on the Storage Industry Giants - Some smaller vendors are getting a foothold in the enterprise disk array storage market, beating the barrier-to-entry odds...
Analysis: Emerging next generation Fibre Channel storage systems - At the macro level, the Fibre Channel storage systems market is a mature, slow growth segment of the overall storage systems...
Enhancing security through Quantum Cryptography - Quantum Cryptography is an emerging security technology that is focused on the actual transmission of a private key from...
What to expect from a Technology Assessment. - Whether implementing new technologies, upgrading existing infrastructures or evaluating current needs, a Technology Assessment...
Achieving Manufacturing Leadership with HP Mission Critical Service - This HP customer saved 97 million Euros, by avoiding lost downtime. While revenues were growing by 20% and IT infrastructure...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Four 'important' Microsoft patches due Tuesday

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
Dell - Dell Latitude: Battery life up to 19 hours. Learn more. Equallogic - Flexible, Scalable, Enterprise Storage for Virtual Infrastructures AT&T - Factors to consider when comparing DSL or Cable Equallogic - Four Steps to Disaster Recovery and Business Continuity Using iSCSI HP - Get Extreme Storage for Extreme Business with HP. Dell/Equallogic - PS Series Best Practices Deploying Microsoft(R) Exchange Server 2007 in an iSCSI SAN Symantec - Make data protection more efficient with Veritas NetBackup AT&T - What to expect from a Technology Assessment. Xerox - Experience the colorful side of business at www.frugalcolor.com EMC - EMC and VMware help you build your virtualized infrastructure. Dell - Windows Vista: A Cyber Security Shield Mindreef - Key Strategies for SOA Testing AT&T - Class of Service: Myths and Misconceptions HP - HP LaserJet P4014n printer Starting at $699 after $100 IS. ?? SHOP NOW HP - HP LaserJet M3035 MFP series Starting at $1,599. ?? SHOP NOW Vizioncore - Top 10 Tips for Successful Conversions Rackspace - Go Green Without Sacrificing Server Performance HP - HP StorageWorks products-control, consolidation and confidence. AT&T - Refine your company's plan for a Business Disruption Event HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Vizioncore - The Benefits of 'Green IT' and Virtualization InterSystems - Development, integration, BPM, and BAM together in Ensemble Big Fix - Before all Hell breaks loose on your network & your endpoints! 3PAR - Takes on the Storage Industry Giants Platespin - Consolidated Disaster Recovery Using Virtualization		Brocade - Transform Your Data Center at Brocade Conference 2008, Las Vegas, Sept 22-24 Platespin - 8 Phases of a Successful Consolidation Initiative SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Vizioncore - Complete Solutions for Virtual Server Management Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA AT&T - Thinking about IMS Polycom - Telepresence For The Enterprise GoToMyPC - Research Brief: Providing Secure and Cost-Effective Remote Access AppAssure - Keeping the E-Mail Flowing Tripwire - Secure your virtual and physical environments with the same software. Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Symantec - Whitepaper: Secure, recover, and archive critical information Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist