Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated “important.”

The Exchange and SQL flaws are “Elevation of Privilege” bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a “spoofing” bug, meaning that it could help hackers trick the user into doing things like visiting malicious Web sites.

The fourth update fixes a Windows flaw that could allow an attacker to run unauthorized code on a victim’s PC, Microsoft said. Normally, this type of flaw is rated “critical” by Microsoft, but in this case the bug was probably given a less-severe rating because it doesn’t work without the user first taking some extra actions or adding special software or drivers, said Eric Schultze, chief technology officer at Shavlik Technologies.

This remote code execution flaw affects Windows Vista and Windows Server 2008.

The SQL vulnerability affects Microsoft’s SQL Server software and the internal SQL software that ships with some versions of Windows. It does not affect Vista or XP users, but it does exist on the Windows 2000, Windows Server 2003 and Windows Server 2008 products.

The judge hearing Viacom’s $1 billion copyright infringement claim against Google has ordered its YouTube unit to provide user histories.

Google has to turn over millions of videos it has removed from the video-sharing site, user login IDs, records showing when users watched videos, their IP addresses, and numbers that identify the videos. The order applies not only to videos watched on YouTube but also to videos embedded on third-party Web sites.

A new version of Opera (v9.51) has been released. It fixes couple of security vulnerabilities and some stability issues. One of the fixed issues includes arbitrary code execution but the exploit has not been published yet.

Internet Explorer’s getting a little bit safer. Microsoft Wednesday unveiled significant new security features that will be in the next version of the company’s Web browser, Internet Explorer 8, currently in public beta testing.

From Microsoft’s standpoint, any improvement in security is a plus, and the company seems to be taking that to heart with Internet Explorer 8, which includes a slew of new or upgraded security features. In the past, Microsoft has been heavily criticized for its browser security, while its chief competitor, Mozilla Firefox, has been largely lauded.

One of the most important new features in IE8 is a set of cross-site scripting defenses to protect the browser against the most common type of these attacks, known as “reflection” attacks, wherein transmitted data is sent back to the attacker. During these attacks, hackers could be stealing cookies and browser history, logging keystrokes, stealing credentials, or just evading phishing filters.

Internet Explorer 8 will also have what Microsoft’s calling the SmartScreen Filter, which has been previously announced, but is more than Microsoft originally let on. It’s an upgraded version of the phishing filter found in Internet Explorer 7 with a twist. It now includes malware protection, a feature also found in the latest versions of Mozilla Firefox and Opera.

When users visit a site that’s been reported by any one of a number of third party data providers as a phishing or malware-laden site, they’ll be greeted with a big red background and a warning. That’s an upgrade over the anti-phishing user interface in Internet Explorer 7, which Microsoft tests found looked too much like a potentially less harmful page that just has security certificate errors.

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.