Microsoft Issues 6 Updates To Windows

Microsoft has issued 6 updates, 3 of which are rated critical, to address a total of 11 (or 12, depending on how you count them) vulnerabilities in components of Windows and Office. The most serious is a cumulative update to Internet Explorer with multiple critical vulnerabilities.
The 3 critical updates are:MS09-071: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution—All but the most recent versions of Windows are affected by these error in two authentication processes. On some platforms one enables elevation of privilege. The other, on a few, remote code execution. Oddly, only the R1 versions of Windows Server 2008 are rated critical. The circumstances seem obscure and neither is rated by Microsoft as likely to result in consistent exploit code.MS09-072: Cumulative Security Update for Internet Explorer—4 new vulnerabilities affecting all versions of Internet Explorer on all platforms are addressed in this update, including 3 critical updates to IE8 on Windows 7. An old vulnerability, the ATL COM Initialization vulnerability that came from buggy ATL header files many months ago, is fixed in a component of IE5 and IE6. As we warned at the time, the implications of this bug would trickle out for a long time. Very serious cumulative update, and users should apply (continue reading...)