EfluxMedia

Microsoft came forward with four bulletins addressing nine vulnerabilities for July's Patch Tuesday, out of which only four were considered to be important and, quite surprisingly, none were found to be critical.

The patch update did not bring a solution for the Access bug, that is currently seriously exploited in hacking-related activities.

Three other pathes were oriented towards Outlook Web Access (OWA) and SQL Server vulnerabilities (that could come in handy for attackers trying to obtain elevated privileges), as well as a Windows Explorer hole (that could have basically lead to remote code execution).

MS08-039, targeting OWA, manages to close two holes that, if taken advantage of, could have allowed an attacker to take any action the actual user could have taken during the OWA session.

The SQL Server patch, MS08-040, takes care of four vulnerabilities, one of which could have enabled a potential attacker to run malicious code and eventually take over the server. All the affected SQL Server versions can be found within a list that was made available on Microsoft’s website.

MS08-037, the Windows Explorer patch, also addresses a vulnerability that could make remote code execution possible; however, things are a bit more tricky in this situation, as the victim would first have to open an especially-designed file. This problem comes with Vista and Vista Service Pack 1 and Windows Server 2008.

Last month, Microsoft released a patch bundle that featured three fixes for serious vulnerabilities of several Windows versions. Among the seven identified problems, three were considered to be "critical," three more were rated "important" and only one was catalogued as "moderate." The critical ones were found in Microsoft's Internet Explorer, DirectX and Bluetooth.