Microsoft on Tuesday released three security bulletins with fixes for vulnerabilities affecting millions of Windows OS users.
- MS09-006/KB958690 — Critical (XP, Vista, 2000, 2003, 2008): Covers three newly discovered and privately reported vulnerabilities in Windows. This particular bug allows attackers to remotely execute code via a specially crafted EMF or WMF image. You should install this patch immediately. These vulnerabilities affect all versions of Windows, including Vista and Windows Server 2008.
- MS09-007/KB960225 — Important (XP, Vista, 2000, 2003, 2008): This bulletin includes a patch for a single vulnerability in Windows, which could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Because exploitation requires that access, the severity is lowered to “Important.” This is not the worst bug in history, but you will want to install this patch when convenient. This affects 32-bit and 64-bit versions of Windows, including Server Core.
- MS09-008/KB961063/KB961064 – Important (2000, 2003, 2008): The DNS and WINS servers in Windows Server have a vulnerability that could allow someone to tamper with name lookups; from there, all sorts of mischief can occur, such as pointing google.com at some undesirable Web site. Install this patch on any server running DNS or WINS that an attacker might have access to. This affects 32-bit and 64-bit versions of Windows Server, including Server Core.
Windows users should treat the “critical” bulletin with the highest possible priority.