The company issued four bulletins, addressing a total of nine software vulnerabilities in various components of Microsoft Windows, Outlook and Exchange Server.
Each of the bulletins carries a maximum security rating of "important," marking the first time since March of 2007 that Microsoft has not issued a critical security fix in its monthly update.
The first of the four bulletins addresses a pair of flaws in the Windows DNS component which can allow an attacker to re-route web traffic. Another update addresses a flaw in Windows Explorer which could allow an attacker to remotely take control of a targeted system.
The company also issued a bulletin to fix two vulnerabilities in Exchange Server 2003 and 2007. Those two flaws could be exploited by an attacker to gain elevated privileges on a server.
The fourth bulletin addresses four vulnerabilities in SQL components for Windows 2000, Server 2003, 2007 and 2008. The most severe of the flaws could allow an attacker to remotely execute code on a targeted system.
Not patched in the update was a flaw in an ActiveX control for Office. The company is still investigating the attacks and has not yet said when a fix will be released.
Dave Marcus, director of security research and communications for McAfee, said that despite the low risk of the patched flaws, administrators should still install the update as normal.
"July offers a summer break for patching, and although this is a minor patch, McAfee encourages all customers to update according to their risk management strategy and protect the integrity of their systems and data," said Marcus.
Microsoft issues monthly security pack
By Shaun Nichols on Jul 9, 2008 4:01PM