Microsoft plans critical patches for IE, Exchange

From InfoWorld: Microsoft Thursday said it will deliver four security updates on Tuesday, two of them pegged "critical," and will finally issue a patch for SQL Server that it's been working on since last April.

The four updates detailed in the advance notice published Thursday will quash bugs in Internet Explorer 7 (IE7); its Exchange mail server software; the Visio application that's part of the Office line-up; and SQL Server. The IE and Exchange vulnerabilities will be labeled critical, the company's highest threat ranking, while the SQL Server and Visio bugs will be marked as "important," one step lower.

Microsoft will release the updates on Feb. 10.

The SQL Server update will fix the vulnerability Microsoft acknowledged in late December 2008, said Andrew Storms , director of security operations at nCircle Network Security Inc. "I did a line-up between the advisory with the affected versions of SQL Server," he said Thursday morning. "It's almost a one-for-one match."

View: Article @ Source Site