Today we released 13 security bulletins. Two have a maximum severity rating of Critical, nine have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploit-ability | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS11-057 (IE) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS11-058 (DNS Server) | Attacker sends name resolution request to victim DNS server that is configured to issue requests to a malicious DNS server. Response from malicious DNS server to victim DNS server is improperly handled, resulting in denial of service on victim DNS server. | Critical | 3 | Unlikely to see exploits developed in next 30 days. | See SRD blog post for more information about exploitability and affected configurations (not all DNS servers will be vulnerable to potential attacks). |
| MS11-063 (CSRSS) | Attacker running code on a machine already elevates from low-privileged account to SYSTEM. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS11-062 (NDISTAPI) | Attacker running code on a machine already elevates from low-privileged account to SYSTEM. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | Windows Vista and later platforms not affected. |
| MS11-064 (TCP/IP DoS) | An attacker sends malicious network request causing victim system to bugcheck (blue screen). | Important | 3 | No exploit possible for code execution. This vulnerability has potential for denial-of-service only. | |
| MS11-065 (RDP) | An attacker sends a malicious remote desktop protocol connection request to victim that allows incoming remote desktop connections, causing victim’s system to bugcheck (blue screen). | Important | 3 | No exploit possible for code execution. This vulnerability has potential for denial-of-service only. | |
| MS11-060 (Visio) | Victim opens a malicious Visio document (VSD). | Important | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS11-066 (Chart Web Control) | An attacker targets a website that uses the Microsoft Chart Web Control. Attacker sends web request that incorrectly reveals content of file stored on the web server. | Important | 3 | No exploit possible for direct code execution. This vulnerability has potential for information disclosure only. | Websites not using the Microsoft Chart Control are not vulnerable. |
| MS11-067 (Report Viewer Web Control XSS) | Victim clicks a link with embedded Javascript causing the script to run in the context of the web site to which the link points. Target web site must have incorporated the Microsoft ReportViewer control. | Important | 3 | No exploit possible for direct code execution. This vulnerability has potential for information disclosure only. | Websites not using the Microsoft Report Viewer control could not be used to facilitate attack. |
| MS11-061 (Remote Desktop Web Access Login Page XSS) | Victim clicks a link with embedded Javascript causing the script to run on the victim system in the context of the remote desktop web access server. | Important | 1 | Likely to see a XSS exploit, causing victim to run attacker-controlled Javascript in context of an internal Remote Desktop Web Access webpage. | |
| MS11-059 (DLL Preloading) | Victim browses to a malicious WebDAV or SMB share and opens Excel file that leverages MDAC to retrieve external data. Victim clicks through security dialog causing Excel to load a malicious DLL housed on the same WebDAV or SMB share. | Important | 1 | While exploiting DLL preloading cases is normally straightforward, we rarely see them exploited in the wild due to user interaction requirement. | |
| MS11-068 (Kernel) | Attacker already able to run code on a machine causes the machine to bugcheck (blue screen) | Moderate | n/a | No exploit possible for code execution. This vulnerability has potential for local denial-of-service only. | |
| MS11-069 (.NET Framework) | Victim browses to a malicious website that attempts to run a .NET XBAP managed code application on the victim’s system. A security warning will prevent unwitting execution of XBAP applications in the Internet Zone. | Moderate | n/a | Less likely to see real-world exploit due to security warning. |
- Jonathan Ness, MSRC Engineering