Next Tuesday, Microsoft releases four security updates under the traditional Patch Tuesday. The fixes are aimed at flaws that affect Windows, Microsoft SQL Server and Exchange Server and leave out Internet Explorer, which is causing some surprise among computer security professionals.
According to the information provided by the company, none of the four bulletins to be made available are critical but rather «important», meaning that the vulnerabilities to be corrected can give rise to exploits that compromise the confidentiality or integrity of users’ documents or information processing resources.
All versions of Windows are included in these patches, including Vista and Server 2008 operating systems.
As already mentioned, even though there are several flaws in the execution of IE, as bugs in cross-site scripting, cross-domain, among others, the truth is that Microsoft does not include any updates to the browser, not even the flaw that links Safari for Windows with Internet Explorer, reported in 2006.
This error happens because Safari automatically saves dowloads at the desktop computers without opening a dialog box, that is, it works by default. Although not a bad feature, what makes it a threat is the fact that Internet Explorer loads DLL files from desktop instead of loading from the C: WINDOWSSYSTEM32 directory. In this way, IE can load malicious files, inadvertently downloaded by Safari, putting users’ computers at risk.
2008-06-06 – Microsoft products with seven security updates in June
2008-05-09 – Microsoft prepares four security updates for Tuesday