Microsoft Security Bulletin Summary for July 2008 - what is it now?

I believe it has been a while that we have seen the security hotfix from Microsoft Security team on SQL Server (alone). The latest security bulletin has announced important security patches that are related to SQL Server in addition to Windows operating system. They quote that "...With the release of the bulletins for July 2008, this bulletin summary replaces the bulletin advance notification originally issued July 3, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification....".

The Severity rating has been given as important which means you have to test the referred hotfix from this KBA Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) link. As that goes in specific to SQL Server the following are for Windows alone: Vulnerabilities in DNS Could Allow Spoofing (953230), Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) & Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) links.

So what is your practice in deploying such security hotfixes within your environment?

Don't forget to test the patches before deploying them on to the production, that might cause unprecedented downtime and with prior testing you will be able to catch the issues in hand. Also it is recommended to deploy Baseline Security Analyzer tool MBSA that  allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations.

If you are new to this type of alerts or patches then you must visit the Security Guidance for Update Management link that provides additional information about Microsoft’s best-practice recommendations for applying security updates.