Microsoft pleasantly shocks users with no critical Vista updates

Stephen Withers
Friday, 04 July 2008 03:13

Your IT - Home IT

For the first time this year, Microsoft will release no 'critical' updates for Windows or other software on July's Patch Tuesday. The company has already issued a total of 22 critical security bulletins this year, so the news comes as a welcome surprise.

However, there are four 'important' vulnerabilities - including two Windows issues - which are set to be fixed on July 8.

The first Windows vulnerability is specific to Vista and Server 2008. While it allows remote code execution, Microsoft at this stage has not indicated exactly why its severity rating is important rather than critical.

The other allows an unspecified variety of spoofing, and affects and is rated important on all currently supported versions of Windows, with two exceptions: Vista, and the Itanium version of Server 2008.

An SQL privilege elevation vulnerability is also due to be fixed. This affects SQL Server 2000 Desktop Engine in Windows 2000 and Server 2003, and the Windows Internal Database in Server 2003 and Server 2008. Itanium-based versions of each operating system are excluded.

Many SQL Server products also require the update, namely SQL Server 7, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, and MSDE 2000.

The final vulnerability for July is another privilege escalation issue, this time affecting Exchange Server 2003 and 2007.

But there's more than just the security bulletins, so please read on .