Microsoft plans to ship four security updates next Tuesday as part of its monthly patch cycle. All four were labeled “important” (the company’s second-highest ranking), even though one of the bugs being addressed poses a “remote code execution” risk, something that would normally merit a critical tag.
This remote code execution flaw, which affects Windows Vista and Server 2008, was apparently given the less-severe rating because it doesn't work without the user first taking some extra actions or adding special software or drivers – though no specific details were provided.
Of the remaining bulletins, two repair vulnerabilities found in Microsoft SQL Server and Exchange Server that could be used by an attacker to obtain elevated privileges on a targeted system, while the fourth one deals with a potential spoofing attack. More details on the upcoming patches can be found in Microsoft’s pre-alert here