As patch Tuesdays go it was fairly unremarkable. The only general Windows update labelled as 'critical' is for a flaw in Media Player. As usual, there's a cumulative update for Internet Explorer, and it does sound quite nasty - there are two critical script-related vulnerabilities and Secunia has already issued an advisory. Significantly, only versions of Internet Explorer versions 5 and 6 are affected. Version 7 is clean - which is welcome news as this is the first round of updates since the upgrade was pushed to world+dog last month as part of Windows Update.
Sans is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. The Visual Studio update is for version 2005. Sans indicate that there are already known exploits circulating for the SNMP vulnerability but currently none targetting the latest flaws in IE. However if you really have to use IE I recommend using a metabrowser such as Maxthon, Avant or SlimBrowser. Sans is recommending the Heise Offline Update utility covered in a previous story."