Microsoft released several security updates today – MS05-001, MS05-002 and MS05-003.
The first two are rated “critical” and the third is “important”.
MS05-001 is the most critical to reducing IE-based attack vectors. The HTML Help Control team updated the version of their control that fixes a critical vulnerability in that component. We are glad they were able to fix this vulnerability so quickly. Unfortunately, the XPSP2 security mitigations do not protect against the flaw in this control, so I encourage everybody to download the latest security updates from Windows Update and if possible turn on automatic updates so you get these updates without having to navigate to Windows Update.
Microsoft also released technology on Windows Update today that helps remove malicious software from your system if it has been infected. The Malicious Software Removal Tool is mainly targeted at consumers, but it can also be leveraged in the enterprise space via SMS. For more details, see http://www.microsoft.com/malwareremove.