Come February 10, 2009, Microsoft will issue patches designed to resolve security vulnerabilities affecting a range of its software products, including Internet Explorer, Exchange Server, the data platform, and Visio. A total of four security bulletins will be offered, plugging a yet unknown number of holes. Microsoft only offered information on the products currently supported by the company and said nothing about software that is currently in development such as Windows 7, Windows Vista SP2 or Internet Explorer 8.

“As part of this month’s security bulletin release process, we will issue four security bulletins – two rated ‘Critical’ and two rated ‘Important’ – to address vulnerabilities in Internet Explorer, Microsoft Exchange Server, Microsoft SQL Server and Microsoft Office. Depending on the bulletin, a restart may be required,” revealed Bill Sisk, Microsoft Security Response Center Communications manager.

Among the affected software are Windows Vista RTM and SP1, Windows XP SP3 and earlier, and even Windows Server 2008. The Critical vulnerability impacting Internet Explorer 7 inherently puts at risk users of Vista SP1 and XP SP3. Microsoft said nothing to indicate that the security holes affecting IE7 and earlier are shared by Internet Explorer 8 Beta and Release Candidate builds, or if the million of Windows 7 Beta Build 7000 users have anything to worry about at this point in time. When it comes to the software products still in development, Microsoft's security policy allows the company to patch only vulnerabilities labeled with a maximum severity rating of Critical.

“It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change,” Sisk added. “We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS).”