New Round of Vista SP1 and XP SP3 Vulnerabilities

Microsoft is cooking patches for a new round of vulnerabilities impacting its Windows client and operating systems and Server software, including Windows Vista Service Pack 1 and Windows XP Service Pack 3. The Redmond company is preparing no less than four security bulletins for release on July 8, 2008, two of them dealing with security flaws in Windows platforms and the remaining two in SQL and Exchange. However, since the release date is not until next week, Microsoft warned that its plans could change if something unexpected were to intervene, revealed Bill Sisk, Microsoft Security Response Center Communications Manager.

"As part of our regularly scheduled bulletin release, we're currently planning to release four Microsoft Security Bulletins rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer. As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated. We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS)," Sisk added.

All four security bulletins have been labeled with a maximum severity rating of Important even though some vulnerabilities allow, in the eventuality of successful exploits, for remote code execution. In addition to Vista RTM/SP1 and XP SP2/SP3, Microsoft informed that the following products are also affected: Windows 2000 SP2, Windows Server 2003 SP1/SP2, Windows Server 2008, SQL Server 7.0, SQL Server 2000, SQL Server 2005, Data Engine (MSDE) 1.0, Exchange Server 2003, and Exchange Server 2007. But given that none of the bulletins are designed to patch Critical vulnerabilities, the level of risk users are exposed to is not severe.

By the end of July, the Redmond company also plans to initiate the rollout of a refresh to the Windows Update infrastructure and client for Vista SP1 and XP SP3. However, Microsoft informed that serving the actual update would take a few months.