Microsoft comes out with fixes for critical flaws
Today's monthly patch batch from Microsoft fixes a very serious flaw in Internet Explorer 7, one that may allow a malicious Web site to install malware on a vulnerable PC. The batch also includes a patch for the Visio diagramming software.
It is also good news for businesses that run a Microsoft Exchange or SQL server and are in dire need of important fixes.
A Microsoft bulletin confirms that attack code targeting the MS09-002 IE7 flaw could be crafted easily.
So the fix should be downloaded through Windows Update only. The Internet Storm Company has also posted that, though there are no known attacks yet, the flaw affects both XP and Vista. Surprisingly, only IE7 is affected, not earlier versions of the browser.
Furthermore, users will also find a fix for a flaw in the Visio software that can allow an attacker to run any command if a user opens a hacked Visio file.
It should also be mentioned here that the program is well known among network and server administrators who typically have far-reaching permissions on their networks. So don't be astonished if you see a targeted attack come along that goes after this flaw.
There are two other fixes for servers: Exchange and SQL server. According to ISC, "There has been exploit code out there for the SQL server flaw since December." So users who have a publicly accessible SQL server at their company had better plan an emergency fix in order to avoid a SQL injection or other attack.