Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated "important."
The Exchange and SQL flaws are "Elevation of Privilege" bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a "spoofing" bug, meaning that it could help hackers trick the user into doing things like visiting malicious Web sites.
The fourth update fixes a Windows flaw that could allow an attacker to run unauthorized code on a victim's PC, Microsoft said. Normally, this type of flaw is rated "critical" by Microsoft, but in this case the bug was probably given a less-severe rating because it doesn't work without the user first taking some extra actions or adding special software or drivers, said Eric Schultze, chief technology officer at Shavlik Technologies.
This remote code execution flaw affects Windows Vista and Windows Server 2008.