In this case, the critical rating applies to all operating systems that Microsoft supplies with security patches. This includes the client operating systems Windows XP, Vista and Windows 7 as well as the server operating systems Windows Server 2008 and 2008 R2.

Here are two graphs visualizing the severity and exploitability index and the bulletin deployment priority.

Here is the list of security bulletins released in November 2011 by Microsoft.

• MS11-083 – Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
• MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
• MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
• MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Microsoft has published a video in which Jerry Bryant discusses this month’s bulletins (Silverlight required).

Additional information about this month's security bulletins are available on the Technet Blog page and the Microsoft Security bulletin Summary for November 2011.

The updates are already available on Windows Update. Users who have started their computer earlier today may need to run a manual update check in Windows Update.

The updates will also be available shortly at Microsoft's Download center.

You find information about each security bulletin below. Please follow the links for information about affected operating systems and Microsoft applications. You find a summary of all security bulletins here.

Here are the Bulletin Deployment Priority and Severity and Exploitability Index screenshots for October 2011:

And a video in which Jerry Bryant discusses this month’s bulletins:

Windows users can update their operating system by installing the security patches via Windows Update or Microsoft's Download Center with Windows Update being the better option if the patches do not have to be installed on multiple computer systems.

Updates are already live and available via Windows Update. Additional information are available at Microsoft's Security Response Center.

Highest possible means that at least one operating system or application has received that rating. It happens that all programs receive the same rating, but it is often not the case.

When you look at affected software programs you will notice that the majority of bulletins resolve issues under Microsoft Windows. Other Microsoft software affected includes Microsoft Internet Explorer, Microsoft Office or the Microsoft .Net Framework.

Detailed bulletin information have not been released at this point. Windows users can however check for updates to download and install the security patches right away. This is done via Start Menu > All Programs > Windows Update.

I will update this guide as soon as more information become available.

Update: The June security bulletins have been posted.

• MS11-038 – Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
• MS11-039 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
• MS11-040 – Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
• MS11-041 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
• MS11-042 – Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
• MS11-043 – Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
• MS11-044 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
• MS11-050 – Cumulative Security Update for Internet Explorer (2530548)
• MS11-052 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
• MS11-037 – Vulnerability in MHTML Could Allow Information Disclosure (2544893)
• MS11-045 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
• MS11-046 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
• MS11-047 – Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
• MS11-048 – Vulnerability in SMB Server Could Allow Denial of Service (2536275)
• MS11-049 – Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
• MS11-051 – Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

You get an overview of all patches on the security bulletin summary page over at Microsoft. It lists for instance the individual severity level of all affected operating systems and applications. Patches do not seem to have been posted yet on Microsoft Download Center.

The Microsoft Security Bulletin Advance Notification for February 2011 details the upcoming patches. A total of 12 security bulletins are released next Tuesday of which all but one fix issues in the Microsoft Windows operating system. The remaining patch fixes a vulnerability in Microsoft Office.

Three of the security vulnerabilities have received a maximum severity rating of critical, the highest available rating, the remaining nine a severity rating of important.

• Microsoft’s newest operating system Windows 7 is affected by seven of the twelve issues. Of those, two are rated critical and the remaining five as important.
• Windows Vista is affected by six vulnerabilities with three rated as critical and the remaining three as important.
• Windows XP is affected by eight vulnerabilities with two being rated as critical and six as important.
• Windows Server 2003 is affected by 10 vulnerabilities of which one is critical, eight are important and one is moderate.
• Windows Server 2008 is affected in the same way as the Vista operating system, with the exception that one of the critical vulnerabilities is only rated as moderate here.
• Windows Server 2008 R2 finally is affected the same way as Windows 7, again with the exception of two vulnerabilities that are rated as moderate instead of critical and important.

The remaining vulnerabiliy affected Microsoft Visio 2002 Service Pack 2, Visio 2003 Service Pack 3 and Visio 2007 Service Pack 2. It is rated as important.

The advanced notifications are accessible here.

Adobe

Adobe has released a Prenotification Security Advisory for Adobe Reader and Acrobat.

Adobe is planning to release updates for Adobe Reader X (10.0) for Windows and Macintosh, Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX, Adobe Acrobat X (10.0) for Windows and Macintosh, and Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh to resolve critical security issues. Adobe expects to make updates for Windows and Macintosh available on Tuesday, February 8, 2011. An update for UNIX is expected to be available by the week of February 28, 2011.

Expect lots of patching next Tuesday. We will post detailed information once the patches are released by Microsoft and Adobe.

When we look at the severity rating of those vulnerabilities we notice that two of the bulletins have a maximum severity rating of critical while the remaining ones a rating of important with the exception of one that has been rated as moderate.

Maximum severity rating means that at least one Microsoft product is affect this way by the vulnerability. The critical vulnerability MS10-090 affects Internet Explorer 6 to Internet Explorer 8 and is critical on all Microsoft operating systems. Vulnerability MS10-091 on the other hand is critical on Windows Vista and Windows 7 but not on Windows XP, something that we do not see very often thanks to improved security of the two operating systems.

The updates are already available via Windows Update and the Microsoft Download Center.

• MS10-090 – Cumulative Security Update for Internet Explorer (2416400) – This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-091 – Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199) – This security update resolves several privately reported vulnerabilities in the Windows Open Type Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS10-092 – Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) – This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-093 – Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434) – This security update resolves a publicly disclosed vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Movie Maker file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-094 – Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961) – This security update resolves a publicly disclosed vulnerability in Windows Media Encoder. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Media Profile (.prx) file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-095 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-096 – Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) – This security update resolves a publicly disclosed vulnerability in Windows Address Book. The vulnerability could allow remote code execution if a user opens a Windows Address Book file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-097 – Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) – This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if a user opens an .ins or .isp file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.

• MS10-098 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) – This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS10-099 – Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591) – This security update addresses a privately reported vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

• MS10-100 – Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962) – This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-101 – Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559) – This security update resolves a privately reported vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability.
• MS10-102 – Vulnerability in Hyper-V Could Allow Denial of Service (2345316) – This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-103 – Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) – This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-104 – Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005) – This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007.
• MS10-105 – Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) – This security update resolves seven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-106 – Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) – This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Additional information are available at the security bulletin summary and the Microsoft Security Response Center.

The updates are already available via Windows Update but can also be downloaded from the Microsoft website in case they need to be deployed on computer systems without Internet connection.

windows update

The severity rating differs depending on the operating system and software version installed. Three security bulletins have a maximum security rating of critical, the most severe one, while the remaining seven are all rated as important.

Vulnerabilities affect various Windows operating systems from Windows 2000 to Windows 7, Microsoft Office, Internet Explorer, Microsoft Server and the Microsoft .net Framework.

• MS10-033 – Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-034 – Cumulative Security Update of ActiveX Kill Bits (980195) – This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2.

  The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.

• MS10-035 – Cumulative Security Update for Internet Explorer (982381) – This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-032 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) –
  This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
• MS10-036 – Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) – This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
• MS10-037 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218) – This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-038 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) – This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-039 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) – This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
• MS10-040 – Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) – This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• MS10-041 – Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) – This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.

It is advised to install the security patches immediately to protect the PC from exploits that are targeting unpatched computer systems. Additional information are provided by the Security Research & Defense team which offers additional information that are helpful for system administrators and advanced users.

Lastly there is the security bulletin overview which lists all relevant information.

AutoPatcher is offered as a portable program that can be executed after unpacking the download file. It will then display a list of all available release packages that can be downloaded to the local computer system.

Available for selection are the core program files. operating system patches for Windows XP, Windows Server 2003 and Windows Vista, Microsoft Office XP, 2003 and 2007, the Microsoft .net Framework, DirectX, Java runtime and Adobe Reader. Most release packages are offered in all languages while some only in specific languages.

Windows 7 was integrated in the latest release of AutoPatcher. AutoPatcher only supports 32-bit operating systems right now which means that the Windows 7 patches are also only offered for the 32-bit version of the operating system.

The main benefit of using AutoPatcher is that it will download all patches that have been released to the local computer system with the option to install them afterwards. This means that the patches can be installed while the computer is offline. It also means that the patches can be distributed to other computer systems to patch those as well.

AutoPatcher can be downloaded from the developer’s website, it should run on all Microsoft operating systems including 64-bit editions.

Update: AutoPatcher development continues. Support for the first Windows 7 Service Pack has been added to the operating system updater recently. The site itself has seen change though, as it now redirects to a forum where download links and instructions are posted now.

Five of the updates have received a critical rating by Microsoft, the highest security rating. Seven were ranked as important which is the second highest rating and one as moderate. The security ratings can vary depending on the operating system and Office version used.

Microsoft Windows 7 users for instance will notice that the security updates have all received an important rating for their operating system while Windows 2000 or Windows XP users will notice that their operating systems have received the largest amount of critical ratings.

• Microsoft Security Bulletin MS10-006 – Critical – Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) – his security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
  This security update is rated Critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2, and is rated Important for Windows Vista and Windows Server 2008.
• Microsoft Security Bulletin MS10-007 – Critical – Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) – This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
  This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003
• Microsoft Security Bulletin MS10-008 – Critical – Cumulative Security Update of ActiveX Kill Bits (978262) – his security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
• Microsoft Security Bulletin MS10-009 – Critical – Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) – his security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.
  This security update is rated Critical for Windows Vista and Windows Server 2008.
• Microsoft Security Bulletin MS10-013 – Critical – Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) – This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Critical for all supported editions of Microsoft Windows except for all supported Itanium-based editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, for which this security update is rated Important.
• Microsoft Security Bulletin MS10-003 – Important – Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) – This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Important for all supported editions of Microsoft Office XP and Microsoft Office 2004 for Mac.
• Microsoft Security Bulletin MS10-004 – Important – Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) – This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Important for supported editions of Microsoft Office PowerPoint 2002 and Microsoft Office PowerPoint 2003, and Microsoft Office 2004 for Mac
• Microsoft Security Bulletin MS10-010 – Important – Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) – his security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
  This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2
• Microsoft Security Bulletin MS10-011 – Important – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) – This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
  This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
• Microsoft Security Bulletin MS10-012 – Important – Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) – This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
  This security update is rated Important for all supported editions of Microsoft Windows.
• Microsoft Security Bulletin MS10-014 – Important – Vulnerability in Kerberos Could Allow Denial of Service (977290) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
  This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008
• Microsoft Security Bulletin MS10-015 – Important – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) – his security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
  This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 for 32-bit Systems.
• Microsoft Security Bulletin MS10-005 – Moderate – Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) – This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Moderate for Microsoft Windows 2000, Windows XP, and Windows Server 2003

Updates can be downloaded and installed the usual ways. This includes through Windows Update, Microsoft Update, downloading the updates individually or downloading the security CD for February 2010 which will is provided by Microsoft after every patch day.

Microsoft has released the following security patches (with a link pointing to the security bulletin containing additional information, deployment guidelines and download opportunities):

• MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (Critical) – This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
• MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) (Critical) – This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) (Critical) – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-054 Cumulative Security Update for Internet Explorer (974455) (Critical) – This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-055 Cumulative Security Update of ActiveX Kill Bits (973525) (Critical) – This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) (Critical) – This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) (Critical) – This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
• MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) (Critical)- This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-053 Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) (Important) – This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
• MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) (Important) – This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
• MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) (Important) – This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS09-059 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) (Important) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.

Adobe will also release security patches later today for critical vulnerabilities in Acrobat Reader.

Critical ratings for Windows XP or Windows Server 2003 are usually important or moderate ratings for Windows Vista or Windows Server 2008 thanks to the increased security in those operating systems. Downloads are already available from various official sources including Automatic Updates, Windows Update or Microsoft Update.

• MS09-028 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-029 – Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) – This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-030 – Cumulative Security Update of ActiveX Kill Bits (973346) – This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-031 – Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) – This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS09-032 -Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) – This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
• MS09-033 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

It is recommended to install the Microsoft Security Patches as soon as possible to close the security vulnerabilities.

The easiest way to download and install the patches is by pointing the Internet Explorer web browser to Microsoft Update which will automatically detect and install the available patches for the computer system. Other possibilities include downloading the security patches from Microsoft Download Center from where they are available as well.

Six vulnerabilities have been rated as critical, three as important and one as moderate. Critical security vulnerabilities can usually be exploited for remote code execution meaning it is essential to fix these vulnerabilities quickly. You can follow the links below for additional information about each vulnerability.

• MS09-018 – Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
• MS09-019 – Cumulative Security Update for Internet Explorer (969897)
• MS09-020 – Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
• MS09-021 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
• MS09-022 – Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
• MS09-023 – Vulnerability in Windows Search Could Allow Information Disclosure (963093)
• MS09-024 – Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
• MS09-025 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
• MS09-026 – Vulnerability in RPC Could Allow Elevation of Privilege (970238)
• MS09-027 – Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.

Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)

• MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
• MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
• MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
• MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
• MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
• MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
• MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
• MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”

Windows users should install the updates as soon as possible to secure their computer system.

The vulnerability rated as critical could allow remote code execution in the in Microsoft XML Core Services while the vulnerability rated important could allow remote code execution in Microsoft Server Message Block (SMB) Protocol.

Both security vulnerabilities can be fixed by using Windows Update or by downloading the security updates directly from the Microsoft Download website by following the two links given above in this article.

Microsoft released a batch of eleven security patches for various operating systems and products yesterday which are available by visiting Windows Update or Microsoft Technet which contains in depths information about the affected products and the security vulnerabilities.

The patches fix four critical, six important and 1 moderate security vulnerability:

• Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
• Cumulative Security Update for Internet Explorer (956390)
• Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
• Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

• Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
• Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
• Vulnerability in SMB Could Allow Remote Code Execution (957095)
• Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
• Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

• Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

It is highly recommended to update the products as soon as possible to protect the system from this attacks.

This can be achieved with a small batch file that will create a list of all installed Windows hotfixes and the date and time that they have been installed on the system. The information is taken directly from the KBxxxxxx.log files that are created for each individual hotfix that is installed in Windows.

Those log files are located in the Windows directory and it would take some time to check them manually to build the list. Here is a screenshot of the output which is saved in a text document in the root directory of the main hard drive.

The code which has to be added in one line is the following:

dir %windir%\*.log /o:d | findstr /i /r /c:q......\.log /c:kb......\.log /c:q......uninst\.log /c:kb......uninst\.log > %systemdrive%\hotfixes.log

Some of you might prefer a direct download, just download the knowledgebase file and unpack it to the computer system. It contains the same code that is shown above.

A third possibility came to light recently with the introduction of the Windows Update Catalog. Like the Windows Updates website the Windows Update Catalog only loads properly in Internet Explorer. It does offer however a nice and convenient way of downloading all updates for Windows in one go from the official Microsoft server.

The website features a search form that searches the entire Windows database of patches, updates and applications. Entering a generic name like Windows XP returns more than 1000 results which means that it makes sense to reduce the results by narrowing down the search.

Instead of searching for Windows XP a user could search for Windows XP Security Updates or Windows XP KB. Items can be added to the basket from where they can be downloaded at once. The updates will be stored in a selected folder from where they can be installed.

The Windows Update Catalog offers an enhancement by introducing the basket which makes it possible to add all files to it before downloading them in one go. This is a great way of downloading all updates for Windows in short time.

It is missing a few features like filtering search results by operating system or language which would greatly reduce the hits and time spent on the site.

Update: The website is more for the professional user who know exactly what they are looking for. The easiest way to work your way through the site is to know the unique patch numbers to display them directly and without noise in the interface.

All critical vulnerabilities which affect Microsoft Windows, Microsoft Office and Internet Explorer allow Remote Code Execution. The easiest way to patch these security vulnerabilities is by visiting the Windows Update website with Internet Explorer and let a script check the available updates for your system. Please note that you will be asked if you want to install Service Pack 3 Refresh 2 for Windows XP if you use that operating system. My advise would be to not install this version yet and wait for the release version.

All security updates will be displayed and are selected for immediate download and installation. You could follow the link above which leads to the Microsoft website that explains the vulnerabilities and leads to downloads of the patches. This means that you have to make sure to pick the correct downloads for your operating system and software.

Two security patches have been released this month, they are the critical Microsoft Security Bulletin MS08-001 and the important Microsoft Security Bulletin MS08-002. The critical patch fixes vulnerabilities in Windows TCP/IP that could allow remote code execution while the important patch deals with a vulnerability in LSASS that could allow local elevation of privilege.

Both patches are available through Windows Updates but also as single downloads. Several operating systems need to be patched including Windows Vista (only the critical), Windows 2000 and Windows XP. Downloads are available if you follow the links above.

Besides listing all updated files the tool offers links to the Microsoft website detailing information about the update that has been installed. This is great to verify what the update fixed. All the information can be exported as text, html or xml files.

You can run the software on all Windows operating systems starting with Windows 98 except Windows Vista. WinUpdatesList can also be used to gather the updates from a second installation of Windows XP / 2000 or from a remote computer.

To get these information you use the following two commands:

Another operating system on the same computer: (replace e:\winnt with the drive and dir)

wul.exe /another e:\winnt

Using the software to get the list from a remote computer: (replace 192.168.0.10 with the IP of the remote computer)

wul.exe /remote \\192.168.0.10

Read More:

Win Updates List