Half of the bulletins contain "Critical" vulnerabilities, which generally means a miscreant could not only remotely insert malware or crash your system, but could also create a worm that wreaks havoc. The second half of the bulletins are ranked "Important," which also means that, in many cases, they're remotely exploitable and that data can be snooped on or changed, or that the flaw can lead to a denial-of-service attack. Critical is Microsoft's highest rating, while Important is its second highest rating, just above Moderate and Low.
These flaws affect many versions of Windows and Microsoft Office, including Office running on OS X. It looks like most updates will require a reboot, which never makes for a fun second Tuesday of the month.
While enterprises are gearing up their patch management software for next week, they'll also want to make certain that they include Adobe Shockwave Player. Earlier this week, Adobe announced that "Critical vulnerabilities have been identified in Adobe Shockwave Player 22.214.171.1241 and earlier versions." Adobe's bulletin succinctly sized up the risk:
The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.
Updating sounds like good advice, both now for the Adobe flaw, and next week after Microsoft releases November's batch.