Only one fix comes with the dreaded “critical” tag. It affects Windows 2000, XP and Vista, as well as Windows Server 2003 and 2008 and will allow remote code execution if successfully exploited.
Microsoft remains tight-lipped when it comes to additional data about the exploit.
The other two updates are only rated “important” and are aimed at spoofing-related issues. One of the flaws only affects Windows Server 2003 and 2008, while the other is more generous and needs to be patched on every Windows OS available on the market.
All three patches will require a restart after installation.
In addition, Microsoft announced plans to release an updated version of its MSRT via its update services and download database.