The update for SQL server was rated as important, along with an update to Visio, meaning it would be a little harder for hackers to exploit the bugs they fix . The other two security releases patched bugs in Exchange and Internet Explorer.
The Exchange patch is considered the most important, according to security vendor TippingPoint. Without the patch, hackers could shut down or possibly even take control of an Exchange email server by sending a specially written attachment.
"A compromised email server, in addition to snooping corporate secrets, can be used as a launch pad for attacks against other servers in the enterprise," TippingPoint said.
The critical update for Internet Explorer fixes two vulnerabilities in the browser that could be exploited by hackers to run unauthorised software on a victim's computer. For this attack to work, the victim would have to be tricked into visiting a maliciously crafted web page. Although no attacks have yet been reported exploiting these bugs, Microsoft believes that now that the patches are out, it will be easy for attackers to work up a reliable attack.
The SQL Server patch had been expected. It fixes a bug in the database software that Microsoft acknowledged late last year. According to the researcher who disclosed the SQL issue, Microsoft has known about it since April and wrote its initial patch for the bug back in September.
In all, the updates released this month are "much more critical" than January's patches, TippingPoint said. Last month, Microsoft released just one update, for its Windows Server Message Block file and print service.