Highest possible means that at least one operating system or application has received that rating. It happens that all programs receive the same rating, but it is often not the case.

When you look at affected software programs you will notice that the majority of bulletins resolve issues under Microsoft Windows. Other Microsoft software affected includes Microsoft Internet Explorer, Microsoft Office or the Microsoft .Net Framework.

Detailed bulletin information have not been released at this point. Windows users can however check for updates to download and install the security patches right away. This is done via Start Menu > All Programs > Windows Update.

I will update this guide as soon as more information become available.

Update: The June security bulletins have been posted.

• MS11-038 – Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
• MS11-039 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
• MS11-040 – Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
• MS11-041 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
• MS11-042 – Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
• MS11-043 – Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
• MS11-044 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
• MS11-050 – Cumulative Security Update for Internet Explorer (2530548)
• MS11-052 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
• MS11-037 – Vulnerability in MHTML Could Allow Information Disclosure (2544893)
• MS11-045 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
• MS11-046 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
• MS11-047 – Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
• MS11-048 – Vulnerability in SMB Server Could Allow Denial of Service (2536275)
• MS11-049 – Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
• MS11-051 – Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

You get an overview of all patches on the security bulletin summary page over at Microsoft. It lists for instance the individual severity level of all affected operating systems and applications. Patches do not seem to have been posted yet on Microsoft Download Center.

A total of eleven security bulletins have been released that update the Windows operating system as well as other Microsoft software like Microsoft Office.

The updates fix security vulnerabilities in Microsoft applications and it is generally recommended to update the operating systems and applications as soon as possible to close the security holes and protect the systems from malicious attacks exploiting these vulnerabilities.

Five of the vulnerabilities have received a critical rating, the highest and most severe rating that vulnerabilities can get.

• MS10-019 – Vulnerabilities in Windows Could Allow Remote Code Execution (981210) – This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS10-020 – Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) – This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
• MS10-025 – Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) – This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.
• MS10-026 – Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816) –
  This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-027 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402) – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-021 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) – This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS10-022 – Vulnerability in VBScript Could Allow Remote Code Execution (981169) – This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. This security update is rated Important for Microsoft Windows 2000, Windows XP, and Windows Server 2003. On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable, however, as the code is present, this update is provided as a defense-in-depth measure and has no severity rating.

  The vulnerability could allow remote code execution if a malicious Web site displayed a specially crafted dialog box on a Web page and a user pressed the F1 key, causing the Windows Help System to be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

• MS10-023 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-024 – Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.
• MS10-028 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) – This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-029 – Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338) – This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Moderate for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Windows 7 and Windows Server 2008 R2 are not vulnerable because these operating systems include the feature deployed by this security update.

  This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address. The security update addresses the vulnerability by changing the manner in which the Windows TCP/IP stack checks the source IPv6 address in a tunneled ISATAP packet.

The security updates can be downloaded by following the links listed above or by launching Windows Update or Microsoft Update to download and install them automatically on the computer system.

AutoPatcher is offered as a portable program that can be executed after unpacking the download file. It will then display a list of all available release packages that can be downloaded to the local computer system.

Available for selection are the core program files. operating system patches for Windows XP, Windows Server 2003 and Windows Vista, Microsoft Office XP, 2003 and 2007, the Microsoft .net Framework, DirectX, Java runtime and Adobe Reader. Most release packages are offered in all languages while some only in specific languages.

Windows 7 was integrated in the latest release of AutoPatcher. AutoPatcher only supports 32-bit operating systems right now which means that the Windows 7 patches are also only offered for the 32-bit version of the operating system.

The main benefit of using AutoPatcher is that it will download all patches that have been released to the local computer system with the option to install them afterwards. This means that the patches can be installed while the computer is offline. It also means that the patches can be distributed to other computer systems to patch those as well.

AutoPatcher can be downloaded from the developer’s website, it should run on all Microsoft operating systems including 64-bit editions.

Update: AutoPatcher development continues. Support for the first Windows 7 Service Pack has been added to the operating system updater recently. The site itself has seen change though, as it now redirects to a forum where download links and instructions are posted now.

Microsoft has released two charts that show the severity and exploitable index and the deployment priority. The former interesting for all users while the latter probably only for network administrators.

• Microsoft Security Bulletin MS09-045 – Critical – Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS09-046 – Critical – Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) – This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS09-047 – Critical – Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) – This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Microsoft Security Bulletin MS09-048 – Critical – Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) – This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
• Microsoft Security Bulletin MS09-049 – Critical – Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) – This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.

The patches can be download and applied by visiting the pages that are linked above or by using any of the update options that are provided by Microsoft operating systems including Windows Update, Automatic Updates or Microsoft Updates. Additional information can be found at the Microsoft Technet page.

Critical ratings for Windows XP or Windows Server 2003 are usually important or moderate ratings for Windows Vista or Windows Server 2008 thanks to the increased security in those operating systems. Downloads are already available from various official sources including Automatic Updates, Windows Update or Microsoft Update.

• MS09-028 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-029 – Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) – This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-030 – Cumulative Security Update of ActiveX Kill Bits (973346) – This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-031 – Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) – This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS09-032 -Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) – This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
• MS09-033 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

It is recommended to install the Microsoft Security Patches as soon as possible to close the security vulnerabilities.

The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.

Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)

• MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
• MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
• MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
• MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
• MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
• MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
• MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
• MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”

Windows users should install the updates as soon as possible to secure their computer system.

The vulnerability rated as critical could allow remote code execution in the in Microsoft XML Core Services while the vulnerability rated important could allow remote code execution in Microsoft Server Message Block (SMB) Protocol.

Both security vulnerabilities can be fixed by using Windows Update or by downloading the security updates directly from the Microsoft Download website by following the two links given above in this article.

All critical vulnerabilities which affect Microsoft Windows, Microsoft Office and Internet Explorer allow Remote Code Execution. The easiest way to patch these security vulnerabilities is by visiting the Windows Update website with Internet Explorer and let a script check the available updates for your system. Please note that you will be asked if you want to install Service Pack 3 Refresh 2 for Windows XP if you use that operating system. My advise would be to not install this version yet and wait for the release version.

All security updates will be displayed and are selected for immediate download and installation. You could follow the link above which leads to the Microsoft website that explains the vulnerabilities and leads to downloads of the patches. This means that you have to make sure to pick the correct downloads for your operating system and software.