Microsoft today again showed us all why we really should put all our eggs in their basket by releasing 10 new security bulletins:
Cumulative Security Update for Internet Explorer
Vulnerability in Windows Shell Could Allow Remote Code Execution
Vulnerability in NNTP Could Allow Code Execution
Vulnerability in SMTP Could Allow Remote Code Execution
Vulnerability in Compressed (zipped) Folders Could Allow Code Execution
Vulnerability in Microsoft Excel Could Allow Code Execution
Security Update for Microsoft Windows
Vulnerability in NetDDE Could Allow Remote Code Execution
Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service
Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service
7 of these are marked as critical while the NetDDE one - that allows remote code execution on 7 of their operating systems, including 2003 - only marked as important.
Of the 7 critical ones 5 affects Windows 2003 Server, their much hyped security in Windows 2003 is starting to look a bit like the much hyped Oracle 9i's "Unbreakable" claims.
gotta love those remote code execution vulns. see windows admin run to patch manually because SUS is busted. see Unix admin place one RPM in one central location and run one script to update all related machines. :)