Today we released seven security bulletins. Three have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploit-ability Index | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS12-037(Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | We are currently aware of limited attacks leveraging CVE-2012-1875. Likely to additionally see reliable exploits developed for subset of other vulnerabilities being addressed. | |
| MS12-036(Terminal Services) | Attacker sends malicious Remote Desktop Protocol (RDP) request to a victim running Terminal Services, potentially executing code in ring0 before authentication is required. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Server platforms (Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2) and Windows 7 SP1 vulnerable to remote code execution vulnerability. Windows XP, Windows Vista, and Windows 7 vulnerable to a denial-of-service variant only. |
| MS12-038(.NET) | Victim browses to a malicious intranet webpage that offers an XBAP application. | Critical | 1 | Vulnerability itself is exploitable (hence the “1” rating). However, XBAP is disabled on IE9 and also in the Internet Zone on earlier versions of Internet Explorer. Therefore, less likely to see wide-spread exploitation. | Silverlight not affected. ASP.Net not affected. |
| MS12-039(DLL Preloading in Lync client) | Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share. | Important | 1 | Exploiting DLL preloading cases is straightforward. Therefore, exploit code is likely to appear. | |
| MS12-042(Windows Kernel) | Attacker running code on a machine already elevates from low-privileged account to SYSTEM. | Important | 1 | Likely to see an exploit released granting a local attacker SYSTEM level access. | |
| MS12-041(Windows drivers [win32k.sys]) | Attacker running code on a machine already elevates from low-privileged account to SYSTEM. | Important | 1 | Likely to see an exploit released granting a local attacker SYSTEM level access. | |
| MS12-040(Dynamics) | Attacker sends victim a link exploiting a Cross-Site Scripting (XSS) vulnerability on a Dynamics server for which they have access rights. When the victim clicks the link, an automatic action is taken on their behalf on the Dynamics server that they otherwise might not have wanted to execute. | Important | 1 | Likely to see reliable exploits developed within next 30 days. |
- Jonathan Ness, MSRC Engineering