Microsoft patch tackles SQL bug
Microsoft has plugged SQL Server holes that it admitted to knowing about in December as part of four security updates released in its monthly bulletin.
Microsoft late yesterday released four security updates, addressing a known SQL bug, as well as other email and browser software flaws.
Two of the bulletin's four updates were given Microsoft's highest 'critical' security rating. The two others, relating to its SQL Server and Visio technical drawing products, were rated 'important'.
The critical Exchange patch addresses a vulnerability that could allow hackers to shut down or gain remote control of an Exchange email server by sending a specially crafted email attachment.
According to security vendor TippingPoint, the Exchange patch should be given the highest priority. "A compromised email server, in addition to snooping corporate secrets, can be used as a launch pad for attacks against other servers in the enterprise," it said.
The second critical update, for Internet Explorer, plugs two holes that Microsoft said could be used to run unauthorised software on a victim's computer. The flaw relies on the user visiting a webpage containing malware, although no attacks have yet been seen to exploit it.
The long-awaited SQL Server patch fixes a bug in the database software that Microsoft acknowledged last December, despite the fact that it has been aware of it since its discovery last April by a researcher.
Yesterday's update replaces the initial patch Microsoft produced to address the SQL bug in September. The software firm said the flaw could also allow hackers to gain unauthorised access to unpatched systems.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.