Microsoft to issue Windows, SQL Server updates

By SearchSecurity.com Staff 07 Jul 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft plans to issue four updates this week to repair flaws in Windows and SQL Server that could be exploited to conduct spoofing attacks and execute code remotely.

Microsoft updates: Microsoft addresses XSS in Internet Explorer:  A cross-site scripting filter and additional security features for developers will help defend against attacks.    Inside MSRC: Bluetooth, Internet Explorer issues explained: Microsoft's Bill Sisk addresses issues with the Bluetooh stack and a vulnerability in Internet Explorer. Microsoft patches Bluetooth, Internet Explorer flaws: Dangerous holes in the Bluetooth stack in Windows could allow remote code execution.

In its advance notification issued last week on its TechNet site, Microsoft said the flaws affected software in Windows, SQL Server and Exchange Server. The bulletins have been rated important by the software maker and will be issued Tuesday afternoon as part of Mircosoft's Patch Tuesday bulletins.

The flaws are in Microsoft SQL Server 2000 Desktop Engine and Windows Internal Database Service Pack 2. Microsoft said the Windows Server 2008 server core installation is affected by the updates.

Bill Sisk, the response communications manager for the Microsoft Security Response Center, (MSRC) said the update will include improvements to the infrastructure of the Update Agent. The new agent will be improved to shorten the length of time it takes Windows Update to scan and receive updates.

Last month Microsoft issued three updates to address critical flaws affecting Bluetooth, DirectX and Internet Explorer. The software maker also issued an update to correct a problem with the System Center Configuration Manager 2007, which was blocking some updates.

Microsoft will also conduct a webcast about the bulletins on Wednesday at 11 a.m. PST.

Tags: Windows Security: Alerts, Updates and Best Practices,  Database Security Management,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address 12 vulnerabilities, IE display zero-day Exploit code targets Internet Explorer zero-day display flaw Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Database Security Management IBM to acquire database security firm Guardium What is the best database patch management process? Unpatched vulnerability discovered in Microsoft SQL Server SQL injection continues to trouble firms, lead to breaches Oracle issues quarterly patches, fixes database flaws Database monitoring, encryption vital in tight economy, Forrester says Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Imperva assigns security risk levels to databases How to create configuration management plans to install DLP Database Security Management Research Security Patch Management What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary