length: 00:15:41

11 bulletins: pulled 1, originally scheduled for 12

17 vulnerabilities: only 1 was public prior release

Most critical
MS08-008: Vulnerability in OLE Automation , allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation.

MS08-009: allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

MS08-010: IE, the most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.

MS08-013: allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document.

The IE vulnerability was a 0day exploit was known to somebody, used in targeted attack

DoS

Privilege escalation

Remote exec

ISS-serverside MS08-006

Worm related vulnerabilities are relatively infrequent, nowadays

IE related vulnerability are much more important

It’s more than 1 year that we seen self replicating malware

Nowadays malware write try to be under the radar

M$ might group together security bulletin for services that require reboot

Lately most of the vulnerability are application vulnerabilities