Tomorrow, February 11, is the second Tuesday in February, so “Patch Tuesday” is once again at hand. Microsoft publishes advance notification for security bulletins each month on the preceding Thursday, so I can tell you what to expect in tomorrow’s updates. Four items should be included (though last-minute additions and deletions have been known to occur):
- Critical: Internet Explorer 7 versions remote code execution fix. XP, Vista, Windows Server 2003 and 2008, 32- and 64-bit versions.
- Critical: Exchange Server versions remote code execution fix. Exchange 2000 Server SP3 with 8/04 update rollup, Exchange Server 2003 SP2, Exchange Server 2007 SP1 (32- and 64-bit versions).
- Important: SQL Server remote code execution. Too many versions to enumerate here (check the advance notification link in the first paragraph for details).
- Important: Visio remote code execution. MS Office Visio 2002 SP2, MS Office Visio 2003 SP3, MS Office Visio 2007 SP1.
As usual, updated versions of the Microsoft Malicious Software Removal Tool (KB890830) and the Windows Junk E-mail Filter (KB905866) for February 2009 will be included as well. There will also be cumulative updates for Media Center for Windows Vista (KB950644) and Media Center TVPack for Windows Vista (KB958653), plus an update rollup for ActiveX Killbits for Windows (KB960715). These are described in more detail in KB894199 and in the other KB articles cited for each item.
Given that all the major updates relate to remote code execution and the system compromises such vulnerabilities can produce, it’s probably time to start testing and/or deploying these patches to your clients and servers as soon as possible.