Microsoft released six security bulletins addressing a total of fifteen vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word).
This month, MS09-065 is the only bulletin with a critical severity rating and an Exploitability Index rating of 1 (“Consistent Exploit Code Likely”). This bulletin provides updates for three vulnerabilities in Windows Kernel-Mode Drivers. Microsoft recommends installing this update immediately.
The security updates for these vulnerabilities are available for download at the Microsoft Update web site (https://update.microsoft.com/microsoftupdate/). Please note that systems joined to the LSU Active Directory automatically receive the critical updates when available. Other updates will have to be installed from Microsoft Update.
Remember to close all applications at the end of work day today, as security updates may require a restart of your machine.
Additional Information / Tools:
Microsoft Security Bulletin - http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx
Severity and Exploitability Index Graph - http://blogs.technet.com/photos/msrcteam/images/3292868/original.aspx
US-CERT Technical Alerts - http://www.us-cert.gov/cas/techalerts/
Microsoft Baseline Security Analyzer - http://www.microsoft.com/technet/security/tools/mbsa2_1/default.mspx