We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Four bugs patched in Microsoft security release

SQL server flaw fixed almost a year after identification

Microsoft released four updates in this month's security release, including one that fixes a bug in SQL Server that was publicly disclosed in December.

The update for SQL server was rated as important, along with an update to Visio, meaning it would be a little harder for hackers to exploit the bugs they fix . The other two security releases patched bugs in Exchange and Internet Explorer.

Microsoft Internet Explorer 8 review

The Exchange patch is considered the most important, according to security vendor TippingPoint. Without the patch, hackers could shut down or possibly even take control of an Exchange email server by sending a specially written attachment.

"A compromised email server, in addition to snooping corporate secrets, can be used as a launch pad for attacks against other servers in the enterprise," TippingPoint said.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

The critical update for Internet Explorer fixes two vulnerabilities in the browser that could be exploited by hackers to run unauthorised software on a victim's computer. For this attack to work, the victim would have to be tricked into visiting a maliciously crafted web page. Although no attacks have yet been reported exploiting these bugs, Microsoft believes that now that the patches are out, it will be easy for attackers to work up a reliable attack.

The SQL Server patch had been expected. It fixes a bug in the database software that Microsoft acknowledged late last year. According to the researcher who disclosed the SQL issue, Microsoft has known about it since April and wrote its initial patch for the bug back in September.

In all, the updates released this month are "much more critical" than January's patches, TippingPoint said. Last month, Microsoft released just one update, for its Windows Server Message Block file and print service.

See also: Latest Microsoft patch fixes just one bug


IDG UK Sites

Nokia branding killed in place of 'Microsoft Lumia': Windows Phone moves into new era

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Halloween Photoshop tutorials: 13 masterclasses for horrifying art, designs and type

IDG UK Sites

Should you update your iPhone or iPad to iOS 8? iOS 8.1 brings back Camera Roll, adds Apple Pay in...