Today Microsoft published its November list of security bulletins. There is only one, but it's designated as a Critical update. The vulnerability spelled out in MS05-053 affects users running Windows 2000, Windows XP, Windows XP x64 edition, Windows Server 2003 (but not Windows Server 2003 SP1), and Windows Server 2003 x64 edition. Not affected are Windows 98, Windows 98 SE, and Windows Me. The MS05-053 patch is available via Microsoft Update.
Entitled "Vulnerabilities in Graphics Rendering Engine," this update fixes vulnerabilities in the Windows Metafile (WMF) and Enhanced Metafile (EMF) files when processed by the Windows Graphics Rendering Engine. Criminal attackers could exploit flaws within these files by placing a malicious file on a Web site, embedding a file within a Microsoft Office document that is shared on a network, or within an HTML e-mail.