for those unaware of how to run windows update, open internet explorer browser, then tools option -> windows update -> express updates.
Huge Microsoft Patch Fills Windows, Office, IE Holes
by Larry Seltzer
Microsoft released 10 updates to various versions of Windows, components of Microsoft Office, and a cumulative update to Internet Explorer on Tuesday. The company patched a total of 31 vulnerabilities in the update, with some being highly exploitable.
The most serious one is the update for Internet Explorer, MS09-019: Cumulative Security Update for Internet Explorer. This update addresses a critical vulnerability on every client version of Windows. 8 separate vulnerabilities are patched in this update, including one which was publicly disclosed in 2007. While this very old vulnerability has been public knowledge for some time, there are no known reports of exploit code and Microsoft's exploitability index states that functioning exploit code for it is unlikely.
5 of the other 7 vulnerabilities are some sort of HTML or DHTML "Object Memory Corruption Vulnerability". One of them is interesting for affecting only Internet Explorer 8, the most recent and highly-scrutinized version. This vulnerability appears to be easy to exploit if DEP is not enabled, but unlikely to be exploited on systems on which DEP is enabled. This vulnerability on pre-release IE8 was the subject of a high-profile exploit at the last CanSecWest Pwn2Own contest, but that exploit used a hole through DEP that was patched before IE8 was shipped.
Only one of the other vulnerabilities has an exploitability index of 1, meaning that functioning exploit code is likely. It is rated critical only on IE6 on Windows XP and doesn't affect IE7 or IE8. 2 other vulnerabilities in IE7 on Vista could result in "inconsistent" exploit code.
There are 6 updates for Microsoft Windows:
MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution—This update is rated critical for Windows 2000, important for Windows XP and Server 2003 and not applicable to other versions. This update fixes 2 separate vulnerabilities; one is critical and exploitable, the other not critical and unlikely to be exploitable. "Remote code execution possibility exists on Windows 2000 servers that expose the LDAP service (default tcp/389) on the network."
MS09-022: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution—This update is rated critical for Windows 2000, moderate for Windows XP and Server 2003 and, ironically, important for Windows Vista and Server 2008, the usually less-severely affected versions.
MS09-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege—This update is rated important for all supported versions of Windows. 4 vulnerabilities patched. Privilege elevation bugs are sometimes used in combination with other vulnerabilities in order to accomplish a more sophisticated exploit.
MS09-026: Vulnerability in RPC Could Allow Elevation of Privilege—This update is rated important for all supported versions of Windows. On the one hand the advisory says that this is an error in "...the Windows remote procedure call (RPC) facility where the RPM Marshalling Engine does not update its internal state appropriately." On the other hand, the exploitability index says that "This vulnerability does not directly affect any Microsoft software. However, workstations on which RPC services are implemented from independent software vendors might be susceptible to remote code execution if this security update is not installed." So it's important, but it's not so clear where the error is.
MS09-020: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege—This update is rated important for Windows 2000, XP and Server 2003, and not applicable to Vista and Server 2008. One of the 2 vulnerabilities in this advisory was publicly disclosed last month after it was exploited in the wild, so clearly it is exploitable, although only for information disclosure.
MS09-023: Vulnerability in Windows Search Could Allow Information Disclosure —This update is rated moderate for Windows XP and Server 2003, and not applicable to all other versions. A script execution bug exists in the way file previews are generated that could result in inappropriate information disclosure.
One update, MS09-024: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution, is rated critical for Word 2000, important for Word 2002, Word 2003, Word 2007, Works 8.5 and Works 9.0. It's a simple buffer overflow in the Works file importer for .wps files. Word 2007 SP2 is not affected.
A separate vulnerability in Microsoft Word, MS09-027: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution, is rated critical for Word 2000 and important for a wide variety of Word products including the Mac versions, the file viewers and file compatibility packs. It fixes 2 separate buffer overflow vulnerabilities one of which is exploitable for remote code execution. Word 2000 users beware.
Finally, a vulnerability in Microsoft Excel, MS09-021: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution, is rated critical for Excel 2000 and important for a wide variety of Excel products including the Mac versions, the file viewers, file compatibility packs and the Sharepoint Server. 7 separate vulnerabilities are patched, 6 of them critical on Excel 2000. 4 of these are likely to produce functioning exploit code for remote code execution, but the rating is only critical on Excel 2000 because of mitigating factors in later versions.