Microsoft has released its latest security bulletins, and the security updates cover over 30 different vulnerabilities, ranging from relatively moderate ones, like information disclosure in Windows Search functionality, to several remote execution vulnerabilities in Internet Explorer, Excel and Word.
As far as I could tell, even though many remote execution vulnerabilities are fixed this month, none of them has the potential to wreak havoc in a similar way to MS08-067, exploited by the Conficker worm. Nevertheless, it is important to apply all the security updates as soon as possible, especially the ones affecting common targets such as Internet Explorer.
As every month, we have published our analysis, which includes the SophosLabs threat level assigned to each Microsoft Security Bulletin.
Here are the links for the individual analyses in case you do not feel the need to go to the landing page:
MS09-018 – Vulnerabilities in Active Directory Could Allow Remote Code Execution
MS09-019 – Cumulative Security Update for Internet Explorer
MS09-021 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
MS09-022 – Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution
MS09-024 – Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution
MS09-025 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
MS09-027 – Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution