Microsoft issued four security bulletins this week, fixing nine flaws in Microsoft SQL Server and Windows that could allow an elevation of privilege of an authenticated attacker or remote code execution. This month's patch cycle from Microsoft isn't quite as severe as the past few months. In fact, none of the four security bulletins, which contain a total of nine fixes, is considered critical, the most severe of alerts.

The four flaws in SQL Server, addressed in security bulletin MS08-040, address issues that could allow an elevation of privilege of an authenticated attacker. Microsoft said one of the flaws could allow an attacker to run code and to take complete control of an affected system. The update needs to be manually installed in SQL Server 7.0 Service Pack 4.

Security experts said that one of the most severe updates contained in this month's security bulletins includes a fix that resolves two vulnerabilities in the Windows Domain Name System (DNS). The vulnerabilities could open the door up for an attacker to redirect user's Internet traffic to launch a spoofing attack -- a multi-platform error affecting Unix and Linux, as well as Windows, platforms, experts said.

As per tradition, Microsoft has also updated its Malicious Software Removal tool, this month adding the Win32/Horst line of Trojan horses to its detection list.

A detailed description of the security bulletins can be read here.