Four February fixes from Microsoft

The February bulletins fix eight security flaws

Microsoft has posted its monthly security update for February. The latest patch release contains bulletins for four different applications, including two for server systems.

The bulletins fix a total of eight security flaws, seven of which could be exploited to allow for remote code execution.

Two of the four carry a maximum security rating of 'critical', the highest of Microsoft's alert levels. The first addresses a pair of vulnerabilities in Internet Explorer 7 for all supported versions of Windows. Earlier versions of the browser are not considered vulnerable.

Both flaws could be triggered by way of a specially crafted web page, which could cause an application crash and allow for remote code execution.

The second critical bulletin addresses two flaws in Exchange Server. The first could allow an attacker to remotely take control of a targeted server by way of a specially crafted TNEF message, while the second could allow for a denial-of-service through malformed MAPI commands. Both are limited to systems running Exchange Server 2000, 2003 and 2007.

Each of the remaining two bulletins address flaws rated as 'important', the third of Microsoft's four threat levels. The first fix addresses a remote code execution flaw in SQL Server, while the second fixes three vulnerabilities in Office Visio.

Users can obtain the monthly update through Windows Automatic Update or from Microsoft's Security Central page.