Microsoft released six security bulletins addressing a total of twelve vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (WordPad and Project).

This month, MS09-072 is the only bulletin this month that has both a Critical severity rating and Microsoft's maximum Exploitability Index rating of 1. Of note, each of the five vulnerabilities addressed in this bulletin are Critical and each also have an Exploitability Index rating of 1. So users running Microsoft IE 6 or 7 should install this update as soon as possible.

The security updates for these vulnerabilities are available for download at the Microsoft Update web site (https://update.microsoft.com/microsoftupdate/). Please note that systems joined to the LSU Active Directory automatically receive the critical updates when available.  Other updates will have to be installed from Microsoft Update.

Remember to close all applications at the end of work day today, as security updates may require a restart of your machine.

Additional Information / Tools:
Microsoft Security Bulletin - http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx
Severity and Exploitability Index Graph - http://blogs.technet.com/photos/msrcteam/images/3299186/original.aspx
US-CERT Technical Alerts - http://www.us-cert.gov/cas/techalerts/
Microsoft Baseline Security Analyzer - http://www.microsoft.com/technet/security/tools/mbsa2_1/default.mspx