Today we released eight security bulletins. Two have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploit-ability | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS11-081 (Internet Explorer) | Victim browses to a malicious website. | Critical | 1 | Likely to see reliable exploits developed in the next 30 days. | |
| MS11-078 (Silverlight, .NET framework) | Victim browses to a malicious webpage with Silverlight-enabled browser. | Critical | 1 | Likely to see reliable exploits for Silverlight 3 in next 30 days. | Underlying issue present in .NET Framework and later versions of Silverlight (4+) but more difficult to exploit for code execution. |
| MS11-077 (Win32k.sys) | Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level. | Important | 1 | Likely to see an exploit developed for local elevation of privilege in next 30 days. | |
| MS11-080 (AFD.sys) | Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level. | Important | 1 | Likely to see an exploit developed for local elevation of privilege in next 30 days. | Vista and later platforms not affected due to IO manager hardening. |
| MS11-075 (DLL Preloading) | Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share. | Important | 1 | Likely to see reliable exploits developed in the next 30 days. | |
| MS11-076 (DLL Preloading) | Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share. | Important | 1 | Likely to see reliable exploits developed in the next 30 days. | |
| MS11-079 (Forefront Unified Access Gateway [UAG]) | Attackers sends malicious XSS link to a Forefront UAG administrator. Admin clicks link which takes action on the UAG portal in the admin’s context. | Important | 1 | Likely to see exploit for information disclosure released in next 30 days. | |
| MS11-082 (Host Integration Server) | Attacker sends malicious stream of network packets to Host Integration Service causing a denial of service. | Important | 3 | Any exploit developed could only be used for denial of service. |
- Jonathan Ness, MSRC Engineering