Two of yesterday's Microsoft Updates have Exploitability Index Assessments of 1 — Consistent exploit code likely.

First there's MS09-002 which addresses two vulnerabilities in Internet Explorer 7.



And then there is MS09-004 which patches a vulnerability in Microsoft SQL Server.

You can see from the bulletin that exploit code has already been published for the SQL vulnerability.



The Internet Explorer 7 vulnerability allows for Remote Code Execution on Windows XP SP2/3 and Windows Vista. Considering the installed base, and the high Exploitability assessment, expect to see exploits in-the-wild very soon.

Our Vulnerability Description for IE7 provides links to each of the individual updates should you need to manually update.