Microsoft’s September Security Updates will be quite substantial: 9 bulletins addressing a total of 13 vulnerabilities. Four bulletins have a rating of "Critical" and affect Windows XP, Windows 2003 and Vista. Once again, Windows 7 and Windows Server 2008 R2 are less problematic: they are not affected by 3 of the 4 critical vulnerabilities, and the last one has a downgraded severity of "Important" on them.
Microsoft Office XP, 2003 and 2007 are affected by 2 bulletins, each carrying a severity of "Important", a pretty standard rating for common file format vulnerabilities, even though they allow the attacker to take control of the affected system.
I expect some of the bulletins to address DLL Hijacking issues in Microsoft’s own products, but it will be interesting to see if Microsoft will change its guidance for Hotfix KB2264107. Currently it is only at the advisory level, and users have to make an active decision to get protection against DLL Hijacking in 3rd party applications.
As was the case last month, Windows XP SP2 users do not have any patches supplied to them, even though the majority of updates for XP SP3 most likely apply to their discontinued version of the OS as well. Windows XP SP2 users should upgrade to SP3 as quickly as possible.