The February 2009 release of security bulletins

Feb 11, 2009 16:40 GMT

As part of its monthly patch cycle, Microsoft made available on February 10, 2009, a total of four security bulletins patching vulnerabilities in a range of software products, including Internet Explorer running on Windows Vista SP1 and Windows XP SP3, as well as Exchange, SQL Server and Visio. Two of the security bulletins carry a maximum severity rating of Critical, and the remaining two are rated Important. In all, Microsoft patched no fewer than eight security vulnerabilities in February 2009, three of which are considered Critical and five Important.

“We’re releasing four new security bulletins as part of our regular monthly release process. MS09-002 rated Critical that addresses two code execution vulnerabilities in Internet Explorer. MS09-003 rated Critical that addresses one code execution vulnerability and one denial of service vulnerability in Exchange Server. MS09-004 rated Important that addresses one code execution vulnerability in SQL Server. MS09-005 rated Important that addresses three code execution vulnerabilities in Visio. We’re also releasing Microsoft Security Advisory 960715 that announces the release of a new cumulative update for killbits on third-party ActiveX controls,” revealed a member of the Microsoft Security Response Center (MSRC).

MS09-002 fixes two Critical vulnerabilities (Uninitialized Memory Corruption and CSS Memory Corruption) in Internet Explorer 7 and Internet Explorer 8 on all supported Windows operating systems, and even on Windows 7 and Windows Vista SP2. MS09-003 also deals with two vulnerabilities, involving Memory Corruption and Literal Processing. The SQL Server sp_replwritetovarbin Limited Memory Overwrite vulnerability is the only one patched by MS09-004, while MS09-005 resolves three flaws related to memory corruption and validation.

The Microsoft Security Advisory (960715) Update Rollup for ActiveX Kill Bits “includes kill bits for the following third-party software: Akamai Download Manager - this security update sets a kill bit for an ActiveX control developed by Akamai Technologies. Research in Motion (RIM) AxLoader - this security update sets a kill bit for an ActiveX control developed by Research In Motion (RIM),” Microsoft revealed.