Microsoft released today updates for Windows covering 8 vulnerabilities affecting Windows and 1 affecting both Windows and Exchange.
The vulnerabilities rated Critical are MS05-050, MS05-051 and MS05-052. All of them could allow remote code execution, the first two due to vulnerabilities in DirectShow and MSDC/COM+ respectively; the latter one involves Internet Explorer and could be used to gain control of an unpatched system.
Four vulnerabilities are rated as Important MS05-046, MS05-047, MS05-048, MS05-049. All of them involve remote code execution. The affected components are “Client Services for NetWare”, “Plug and Play”, “Microsoft Collaboration Data Objects” and the “Windows Shell”. These are rated as Important as they require either user interaction, the attacker to log on locally, services not installed by default or services not vulnerable in their default configurations.
The last two, rated as Moderate are MS05-044 and MS05-045 affecting the Windows FTP client and the Network Connection Manager respectively.
Of all these, the three rated as critical might end up being used with malicious intent against unpatched machines. As usual, it’s recommended to update as soon as possible.