As on every second Tuesday of the month, Microsoft yesterday released its security bulletins for its operating systems and software. After a calm January with a single update for Windows, the total this time comes to four bulletins, two critical and two important. Here is the list:
Critical flaws
- Download MS09-002: This security update fixes two vulnerabilities that could allow remote code execution if a user views a specially crafted web page with Internet Explorer.
- Download MS09-003: This security update fixes two vulnerabilities in Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF (Transport Neutral Encapsulation Format) message was sent to Exchange Server. An attacker who exploited this vulnerability could take complete control of the affected system with the privileges of the Exchange Server service account. The second vulnerability could allow a denial of service if a specially crafted MAPI command was sent to Exchange Server. An attacker who successfully exploited this vulnerability could cause the Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
Important flaws
- Download MS09-004: This security update addresses a vulnerability in SQL Server. This vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs on an affected system. Systems running SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3 and SQL Server 2008 are not affected by this problem.
- Download MS09-005: This security update fixes three vulnerabilities in Office Visio that could allow remote code execution if a user opened a specially crafted Visio file. An attacker who exploited these vulnerabilities could take complete control of the affected system.
As usual, the easiest way to install these updates is to let automatic updates handle it. If they are disabled or if you have not been notified of anything, you can visit Microsoft Update online, or open Windows Update from the Start menu in Vista.
Windows 7 and Vista SP2: those who have installed these beta versions cannot take advantage of security updates.