Microsoft has released its usual round of Tuesday patches. For the first time I decided to do more than a cursory examination of the announcements and the associated vulnerabilities. It is enough to stop me using Windows ever again.
- MS04-038: Cumulative Security Update for Internet Explorer (834707)
- MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
- MS04-036: Vulnerability in NNTP Could Allow Code Execution (883935)
- MS04-035: Vulnerability in SMTP Could Allow Remote Code Execution (885881)
- MS04-034: Vulnerability in Compressed (zipped) Folders Could Allow Code Execution (873376)
- MS04-033: Vulnerability in Microsoft Excel Could Allow Code Execution (886836)
- MS04-032: Security Update for Microsoft Windows (840987)
- MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
- MS04-030: Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)
- MS04-029: Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
Let's have a look at MS04-038 for a start. It is a cumulative patch for eight IE vulns:
- CSS Heap Memory Corruption Vulnerability - CAN-2004-0842
- Similar Method Name Redirection Cross Domain Vulnerability - CAN-2004-0727
- Install Engine Vulnerability - CAN-2004-0216
- Drag and Drop Vulnerability - CAN-2004-0839
- Address Bar Spoofing on Double Byte Character Set Systems Vulnerability - CAN-2004-0844
- Plug-in Navigation Address Bar Spoofing Vulnerability - CAN-2004-0843
- Script in Image Tag File Download Vulnerability - CAN-2004-0841
- SSL Caching Vulnerability - CAN-2004-0845
From here I recommend IE users don't follow the links to:
- http://freehost07.websamba.com/greyhats/hijackclick3.htm
- http://www.malware.com/paul.html
- http://www.malware.com/wottapoop.html
Let's move on, shall we? You use Firefox instead of the browser that fucks things up, so you think you are safe. The vulnerability in the Windows shell sounds like a good place to disprove that. A Google search shows nothing, so I head on over to scurn (tick everything except Packetstorm) and find a reference to it at Secunia (they are quite good too). Unfortunately those links weren't very helpful, so after some more poking around I found the original posts here and here. It looks like this one will work on IE and Mozilla, with the actual overflow in the Program Group converter.
Then there is the compressed folders vulnerability. This one was not previously disclosed: it was 'responsibly' disclosed to the vendor, and this is the first we are hearing about it. The actual eEye advisory has the juicy details. It requires an overflow in the zip file's filename.
The point here is that you have Microsoft releasing patches on the second Tuesday of each month. This month we have 7 out of 10 announcements rated critical, with a few very easy exploits. Last month we had the GDI+ exploit, which people are still having trouble patching and which required a third-party tool for proper scanning. That's a lot of critical vulns in a very short time. After checking out the dates on the above vulnerabilities I noticed that they were both originally disclosed in July.
THAT'S 3 MONTHS!
This means crackers have had access to this information and have been honing the exploit, checking out their targets, looking for the one hole they need to break in, while Microsoft's faithful customers have only just found out, and they need to close every potential hole.
The argument is that releasing patches on the second Tuesday makes it easier for companies to schedule their patching. Companies can have their own internal schedule, instead of sitting in the dark getting hacked while Microsoft does their business tasks for them. To be completely fair not all of the advisories are as bad as the IE one.
With popular open source software you often have a patch being provided with the original announcement, and if the creator of the software is snoozing, the community generally gets the patch out very quickly. This isn't guaranteed with open source, but it almost is with popular open source products.