On Tuesday Microsoft released it’s March security update with one “critical” and two “important” patches for eight vulnerabilities. With the security update, Microsoft has also released an updated version of the Microsoft Windows Malicious Software Removal Tool (MSRT) on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Microsoft
The bulletin ID MS09-006 fixes “critical” vulnerabilities in Windows Kernel that could allow remote code execution if a user views a maliciously crafted EMF or WMF image file from an affected system. This security update is for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
The bulletin ID MS09-007 fixes a “important” vulnerability in the Secure Channel (SChannel) that could allow spoofing when the attacker gains access to the certificate used by the end user for authentication. This security update is for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
The bulletin ID MS09-008 also fixes “important” vulnerabilities in the Windows DNS server and Windows WINS server which could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. This security update is for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008.
More info: http://www.microsoft.com/technet/security/bulletin/ms09-mar.mspx