The other three updates target Crystal Reports for Visual Studio, Windows Services for UNIX and MSN/ Windows Live Messenger and are rated “important”.
The vulnerability in Crystal Reports for Visual Studio is also related to remote code execution and it’s likely to kick in if a user opens a specially crafted RPT file. The above-stated “less rights, less trouble” policy still applies.
The next update aims to fix a flaw in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications, which allows an attacker to gain elevation of privilege if the user runs certain setuid binary files.
The last vulnerability on September’s fix list targets MSN Messenger and Windows Live Messenger. The flaw allows remote code execution and could allow the attacker to take complete control of the affected system. All the user has to do is to accept a video chat invitation from an attacker.