March 2009 Microsoft Security Bulletins

After several high profile vulnerabilities discovered for Microsoft products in February, with Internet Explorer vulnerability described in MS09-002 and Excel vulnerability described in (968272) being actively exploited in the wild, March brings a single vulnerability rated as Critical with a potential to cause remote code execution MS09-006.

MS09-009 fixes three separate kernel issues with the most serious one, described by CVE-2009-0081, in kernel part of GDI, which allows an attacker to create a maliciously formated graphics file and exploit it remotely.

Colleagues at the Microsoft Security Response Centre have published an interesting video containing the relevant information and details of Exploitability Index of the vulnerabilities disclosed in March Security Bulletins.

SophosLabs have created a vulnerability analysis for MS09-006, since this is the only vulnerability that might be used by malicious programs and updated our Latest Vulnerabilities page.