Microsoft to offer four patches next week

Microsoft has revealed it plans to address critical flaws in its Internet Explorer (IE) and Exchange Server software next week.

While exact details of the flaws will not be known until the software firm releases its monthly security bulletin for February next Tuesday, four updates are planned for release, including the two given its highest security rating of critical'.

The bulletin preview, published on the vendor's TechNet security website late yesterday, also included two, less severe updates rated important' for Microsoft SQL Server and its Office Visio technical drawing application.

The important updates have not been given as high a severity rating as those for the IE and Exchange products, even though Microsoft said all the related flaws could be exploited remotely and used to run unauthorised software.

Despite its less severe rating, the SQL update may tackle a flaw that hit the headlines late last year. The software giant issued an initial patch for it in September after a researcher claimed to have highlighted the issue in April.

Security experts have speculated that it is the same flaw because the affected software list for next Tuesday's SQL update matches those products listed in Microsoft's alert on the SQL flaw, issued last December.

Graham Cluley, senior technology consultant at security vendor Sophos, told IT PRO there was no way of knowing now whether the SQL update would patch December's alert. "But all the indications are that it will," he said.

"Fingers crossed though, it is going to be that flaw," he added. "But the most important message is that anytime Microsoft issues a critical patch, enterprises should prioritise applying it."

Microsoft will replace its preview with the full security bulletin late on 10 February 2009.

Miya Knights

A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.

Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.