Microsoft to issue Windows, SQL Server updates

By SearchSecurity.com Staff 07 Jul 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft plans to issue four updates this week to repair flaws in Windows and SQL Server that could be exploited to conduct spoofing attacks and execute code remotely.

Microsoft updates: Microsoft addresses XSS in Internet Explorer:  A cross-site scripting filter and additional security features for developers will help defend against attacks.    Inside MSRC: Bluetooth, Internet Explorer issues explained: Microsoft's Bill Sisk addresses issues with the Bluetooh stack and a vulnerability in Internet Explorer. Microsoft patches Bluetooth, Internet Explorer flaws: Dangerous holes in the Bluetooth stack in Windows could allow remote code execution.

In its advance notification issued last week on its TechNet site, Microsoft said the flaws affected software in Windows, SQL Server and Exchange Server. The bulletins have been rated important by the software maker and will be issued Tuesday afternoon as part of Mircosoft's Patch Tuesday bulletins.

The flaws are in Microsoft SQL Server 2000 Desktop Engine and Windows Internal Database Service Pack 2. Microsoft said the Windows Server 2008 server core installation is affected by the updates.

Bill Sisk, the response communications manager for the Microsoft Security Response Center, (MSRC) said the update will include improvements to the infrastructure of the Update Agent. The new agent will be improved to shorten the length of time it takes Windows Update to scan and receive updates.

Last month Microsoft issued three updates to address critical flaws affecting Bluetooth, DirectX and Internet Explorer. The software maker also issued an update to correct a problem with the System Center Configuration Manager 2007, which was blocking some updates.

Microsoft will also conduct a webcast about the bulletins on Wednesday at 11 a.m. PST.

Tags: Windows Security: Alerts, Updates and Best Practices,  Database Security Management,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices New attack code targets Microsoft ActiveX zero-day vulnerability When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw Microsoft warns of IIS zero-day vulnerability Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw How to perform Microsoft Baseline Security Analyzer (MBSA) scans Microsoft patches serious Excel zero-day, Windows flaws Database Security Management Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Information security book excerpts and reviews Kaspersky website hacked multiple times, expert says Kaspersky website hacked, customer activation codes exposed SQL injection attacks targeting Flash, JavaScript errors Fuzzing tool helps Oracle DBAs defend against SQL injection Oracle extends Audit Vault third-party database compatibility When should a database application be placed in a DMZ? Oracle patches dangerous WebLogic, Secure Backup vulnerabilities Database Security Management Research Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary