Microsoft to deliver two critical patches including SQL server fix
Microsoft is to deliver four security updates next Tuesday with two named as critical.
One of the patches has been labelled as ‘important' and will be for the SQL server that the company has been working on since April 2008.
The critical patches will cover vulnerabilities in Internet Explorer 7 and its Exchange mail server software, while the other important patch will cover the Visio Office application.
Microsoft had previously warned customers of an attack code that was targeting a critical vulnerability in older versions of its widely used SQL Server database software, and it urged users to apply a temporary work-around.
Austrian security consulting company SEC Consult reported the fault to Microsoft in April but apparently grew tired of waiting for Microsoft to decide when or whether to release a patch It claimed that Microsoft had a patch ready for nearly three months but had declined to release it.
Writing on the Microsoft Resource Centre blog, Bill Sisk, said: “As part of this month's security bulletin release process, we will issue four security bulletins – two rated ‘critical' and two rated ‘important'. The updates will be detectable using the Microsoft Baseline Security Analyzer. As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
“We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update."