Microsoft's July patches merely 'important,' but watch out for the non-security fixes too

Stephen Withers
Wednesday, 09 July 2008 07:24

Business IT - Technology

Another month, another batch of security fixes from Microsoft. The good news is that none of them are rated 'critical' - all four bulletins carry an aggregate severity rating of 'important'. Among the month's other updates comes a promise of better Vista performance.

The security update for Vista and Server 2008 is designed to overcome a publicly reported vulnerability that allows a maliciously crafted saved search file to give an attacker full control of the target system.

The 'saved search' update also fixes another vulnerability associated with the Autorun feature.

More wide-ranging is July's other Windows bulletin. Vulnerabilities in the Windows DNS client and server can allow a remote attacker to redirect Internet traffic away from legitimate server. Updates have been released for Windows 2000, XP, and Server 2003 and 2008.

Server 2008 on Itanium and Vista are not affected.

The SQL Server update protects against four vulnerabilities that were privately reported to Microsoft.

SQL Server 7, 2000 and 2005 are all affected, along with the SQL Server Desktop Engine (MSDE) provided with Windows 2000 and Server 2003, and the Windows Internal Database that forms part of Server 2003 and 2008.

The flaws allowed privilege escalation or information disclosure.

For details of the fourth security patch and the other updates from Microsoft, please turn to page 2.

viagra prescription discount sildenafil sildenafil soft tablets daily cialis usa generic for cialis canada