Microsoft released 4 updates for overall 8 security vulnerabilities in Internet Explorer, Exchange Server, MS SQL Server and for Visio from the office suites on the February Black Tuesday. The company considers the two vulnerabilities in Internet Explorer as being critical because attackers could inject malicious code with prepared webpages. One of the flaws in Exchange can lead to a server takeover by criminal individuals, another bug can lead to a denial of service.
Attackers can abuse an error in the SQL server to take control of it, but therefore they need another flaw in an SQL application that makes an SQL injection possible. Three vulnerabilities were closed in Visio which also made remote code execution possible.
It is likely that malicious web pages will popup soon on the web that abuse the security holes in the Internet Explorer. In the past it didn’t take long that exploits for the patched vulnerabilities appeared on the web, so the other Updates should be installed as soon as possible as well.