Happy Microsoft Tuesday, everyone! Redmond has all sorts of fun planned for you.
The Monthly Security Bulletin release it out, and it's a whopper, like we all expected. Eight updates are included in this release, including 5 rated as critical by Microsoft.
The Microsoft Security Response Center blog has more information.
The most troubling patch seems to be MS09-009, with a couple of CVEs relating to vulnerabilities in Excel that are actively being exploited, although Microsoft claims the attacks are targeted.
MS09-014, which addresses 6 vulnerabilities in Internet Explorer, replaces a couple of other past fixes, MS08-073 & 78, and MS09-002. If you're running IE, don't dally around with this one., because there's exploit code publicly available.
Finally, MS09-010 rounds out the prioritization trifecta. Four CVEs dealing with wordpad and officer converter vulnerabilities are addressed, and each of these flaws is being actively exploited.
There are a couple of other patches that deal with IIS & SQL on the server side, and Microsoft's firewall offering, ISA Server, so pay close attention to those if you have them in your environment. Otherwise, remediate the client side first, then move on to the servers, as the clients are a more readily accessible attack vector.
Enjoy your patching cycle!