In its security bulletin summary for October 2009 Microsoft has published eight updates for critical vulnerabilities in its operating systems / applications as well as five important updates.
Critical is Microsoft's highest vulnerability rating.
A summary describing briefly the vulnerabilities is available from Microsoft's Security Bulletin Summary for October 2009.
From this page you will also find links to more detailed information in Microsoft's Security Bulletins MS09-050 - MS09-062.
The critical update addresses the following issues:
- One publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2).
- Two privately reported vulnerabilities in Windows Media Runtime.
- One privately reported vulnerability in Windows Media Player.
- One publicly disclosed and three privately reported vulnerabilities in Internet Explorer.
- One privately reported vulnerability in ActiveX Kill Bits.
- Several privately reported vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office.
- Three privately reported vulnerabilities in Microsoft .NET Common Language Runtime.
- Several privately reported vulnerabilities in Microsoft Windows GDI+.
Updates that fixes the vulnerabilities are available from Windows automatic update mechanism for systems that support this. Alternatively, one may download updates from http://windowsupdate.microsoft.com.
Norman advices all affected users to download the security updates as soon as possible, to be protected from potential exploits.
