Microsoft has served this month’s patches, hot out of the oven. As expected, they only released two security bulletins, both of which affect Windows or a component that ships with it.
The more detrimental of the two bulletins fixes two Critical vulnerabilities in Windows’ Data Access components. In short, if an attacker can entice you to a malicious web page, he could exploit this to take over your computer. I would recommend you patch this one immediately. The second bulletin fixes a flaw in Vista’s Backup Manager. This flaw requires a bit more user interaction to exploit, but Vista users should still upgrade as soon as they can. You can find more details about today’s MS Patch Day releases here.
According to SANs, exploit code is available for the flaws both these bulletins fix, one of which anyone can download from the Exploit-db. Even though today’s Black Tuesday isn’t so black, I’d still recommend you install all of Microsofts updates as quickly as you can.
I’ll post a LiveSecurity alert that describes these bulletins in more detail, shortly. — Corey Nachreiner, CISSP