MS09-002: Cumulative Security Update for Internet Explorer.
  • Rating: Critical
  • Applies to: IE 7 on the following platforms (both x86 and x64): XP SP2 and SP3, 2K3 SP1 and SP2, Vista RTM and SP1, 2K8
  • Does not apply to: 2K8 Server Core, Internet Explorer 6 on supported operating systems.
  • Recommendation: This bulletin addresses a remote code execution. As exploits are quickly found for this type of vulnerability and this vulnerability impacts on a broad range of platforms, you should test and deploy this update as soon as possible.

MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution

  • Rating: Critical
  • Applies to: All supported editions of Exchange Server
  • Recommendation: Given that an attacker could take complete control of an Exchange Server by leveraging the vulnerabilities addressed by this update, you should test and deploy it as soon as possible!

MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution

  • Rating: Important
  • Applies to: SQL 2000 SP4, SQL 2005 SP2, SQL 2005 Express SP2.
  • Does not apply to: SQL 7 SP4, SQL 2005 SP3 and SQL 2008
  • Recommendation: This vulnerability can be leveraged to allow remote code execution through an SQL injection attack. If you are not running the most recent service packs on your SQL Server deployment, you should test and deploy this update as a part of your regular patch management routine.

MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution.

  • Rating: Important
  • Applies to: Visio 2002 SP2, Visio 2003 SP3 and Visio 2007 SP1
  • Does not apply to: Visio Viewer.
  • Recommendation: If your organization regularly exchanges Visio documents with people outside the organization, you should test and deploy this update as soon as possible.

More information on all of this month’s security bulletins can be found at: http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx