A large number of Windows and Office vulnerabilities will be fixed by Microsoft

Microsoft Windows is a very popular operating system released by Microsoft. A remote code execution vulnerability exists in the MFC component provided by Microsoft Windows. When a user interacts with a malformed embedded OLE object in an RTF file, it can cause memory corruption and execute arbitrary code on the user's system. To this end, Microsoft is constantly releasing new security patch updates on Tuesdays. It is reported that on Tuesday, Microsoft released its November security patch update, which fixes 15 vulnerabilities in Windows, Windows Server, Office and other software. .
It is understood that in November, Microsoft released a six-month security bulletin, three of which are the highest severity level, and the other three are important levels, repairing a large number of vulnerabilities in Windows and Office suites.
In these 15 security bulletins, the MS09-065 announcement is the most critical. A total of 3 vulnerabilities in the Windows kernel have been fixed. One of the vulnerabilities can affect the Windows kernel's parsing of embedded OpenType fonts. This vulnerability is the most critical. Because this vulnerability has been made public before Microsoft issued the announcement.
Jason Miller, head of data and security team at Shavlik Technologies, said that an attacker could exploit this vulnerability to remotely execute malicious code and use embedded fonts to create a malicious web page that would allow an attacker to control a user's computer.
In addition, the MS09-063 security bulletin fixes a vulnerability in Windows Vista and Windows Server 2008 that can affect Web services in the Devices API (WSDAPI).
Finally, there is also a MS09-064 security bulletin for fixing Windows kernel vulnerabilities, which addresses a privately reported vulnerability in Windows 2000 that could allow an attacker to remotely execute arbitrary code and successfully exploit this vulnerability. The victim's system can be fully controlled.
The following is the details of the November security bulletin released by Microsoft:
#1, Announcement No.: MS09-063(KB973565)
Detail: MS09-063 security bulletin solves the Web Services on Windows operating system A secretly reported vulnerability in the Devices Application Programming Interface (WSDAPI). This vulnerability could lead an attacker to execute arbitrary code remotely if the affected Windows system receives a specially crafted packet. However, only an attacker on the local subnet can exploit this vulnerability.
Security Level: Critical
Affected Software: 32-bit and 64-bit Windows Vista SP2/Server 2008 SP2