Microsoft will be issuing six security updates today (four of them are critical) to patch 11 bugs in Windows, Internet Explorer, Microsoft Office, SQL Server, Microsoft Developer Tools, and its virtual private networking platform. The remaining two will be important bulletins that will be for Microsoft Office and Forefront access gateway.
"[Bulletin 4] is a head scratcher," said Andrew Storms, director of security operations at nCircle Security. "Usually a bulletin covers developer tools or servers or Office, but whammo, here's one with everything."
Bulletin 4, according to Microsoft's advanced notification advisory for April's Patch Tuesday, will affect Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8, and Visual Basic 6 Runtime.
Microsoft advanced notification did not specify the software module(s) that Bulletin 4 will patch. Storms speculated that it would be in the Microsoft Data Access Components (MDAC), a set of components that lets Windows access databases such as Microsoft's own SQL Server.
It was in January 2011 when Microsoft last patched MDAC vulnerabilities. Those bugs, also pegged critical, were in the MDAC ActiveX control that allows users to access databases from within Internet Explorer.