Eight of the bulletins are rated critical and allow remote code execution; the other five are rated important.
Let's start with the Windows bulletins.
The previously disclosed SMBv2 issue has now been fixed. The bulletin applies only to Vista and Server 2008 as far as supported versions of Windows are concerned, although prerelease versions of Windows 7 are apparently affected too. Server 2008 R2 does not suffer from the vulnerability.
A pair of bulletins address vulnerabilities in Windows Media Runtime and Windows Media Player. Maliciously crafted content can gain the same rights as the current user. These issues apply to Windows 2000, XP, Server 2003, Vista and Server 2008 (for those last two, only the Windows Media Runtime issue).
A cumulative update for Internet Explorer plugs four holes that can be exploited by maliciously crafted web pages. The update is required for Internet Explorer 6, 7 and 8 on all currently supported versions of Windows, including Windows 7.
This month's cumulative update of ActiveX kill bits continues to address issues caused by the Active Template Library security issue. All supported versions of Windows are affected, but the issue is less important on Windows Server, Vista, and Windows 7.
Multiple issues in the .NET common language runtime can be exploited via a web browser or Silverlight applications. The bulletin is rated as critical or important for all supported versions of Windows.
Multiple vulnerabilities in GDI+ that could be exploited via malicious image files have been fixed. Vista SP2, Server 2008 SP2, and Windows 7 are unaffected.
Turning to the less serious matters, the five important bulletins all concern Windows.
A pair of publicly disclosed vulnerabilities in IIS's FTP service (which were acknowledged by Microsoft last month) have been fixed. IIS versions 5.0, 5.1, 6.0 and 7.0 are all affected, so there are updates for all supported versions of Windows except Windows 7 and Server 2008 R2.
Two vulnerabilities in Windows CryptoAPI that could allow spoofing have been addressed in all currently supported versions of Windows.
An Indexing Service vulnerability that could be exploited via a malicious web page to gain access to the system has been fixed in Windows 2000, XP and Server 2003. Vista, Windows 7 and Server 2008 are not affected.
A vulnerability in the Local Security Authority subsystem could allow a denial of service attack. This bulletin relates to Windows XP, Server 2003, Vista, Server 2008, Windows 7, and Server 2008 R2.
As for Office, a single bulletin concerns ActiveX controls that were built using a vulnerable version of the Active Template Library. Office XP, 2003 and 2007 are all affected, and the issue is regarded as critical on all three versions. The various Visio viewers are similarly affected.
Other software that may require updating in relation to this month's bulletins includes various versions of SQL Server, Silverlight, Visual Studio, Report Viewer, and Forefront Client Security.
Microsoft has also released the customary updates for the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter, along with a cumulative update for Media Center for Vista, a reliability update for Windows 7 and Windows Server 2008 R2, and a cumulative update for Media Center TVPack for Vista.
Between September's and October's Patch Tuesdays, Microsoft released a root certificate update for XP, an update for Windows Home Server, the System Update Readiness Tool for Vista and Server 2008, a pair of application compatibility updates for Windows 7 and Server 2008 R2, and a new installation of Internet Explorer 8 for XP systems using Language Interface Packs.