Today we released seven security bulletins addressing 12 CVE’s. Five of the bulletins have a maximum severity rating of Critical, and two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max XI | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS12-077(Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Internet Explorer versions 6, 7, 8 offered this update only to block a defense-in-depth attack vector whereby an attacker could convince a victim to trigger a XSS vulnerability by copy-pasting JavaScript into the URL field. |
| MS12-079(Word) | Victim opens a malicious RTF file attachment or previews a rich text email in the Outlook preview pane with Word set as default viewer, resulting in potential code execution in the context of the logged-on user. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Reading email in plaintext mitigates the potential Outlook Preview Pane attack vector. |
| MS12-081(Windows File Handling) | Victim navigates to a malicious WebDAV or SMB share and encounters a maliciously-crafted Unicode filename. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS12-078(Windows font drivers - ATMFD & win32k.sys) | Most likely attack vector is an attacker who is already running code on a machine leverages vulnerability to elevate from low-privileged account to SYSTEM. | Critical | 1 | Likely to see an exploit released granting a local attacker SYSTEM level access. | One of the two CVE’s usable for denial-of-service only. The other (CVE-2012-4786) could potentially be embedded in either an Office document or a PDF file. |
| MS12-080(Oracle Outside In for Exchange) | Attacker sends email with malicious attachment and lures victim to view the attachment as a webpage within Outlook Web Access. The attacker could potentially compromise the server-side process generating the web page. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Oracle Outside In process runs at a lower privilege level, LocalService. For more background information, please see this SRD blog post. |
| MS12-082(DirectPlay) | Victim opens a malicious Office document having an embedded ActiveX control, resulting in potential code execution in the context of the logged-in user. | Important | 2 | Will be difficult to build a reliable exploit for this vulnerability. Less likely to see consistently working exploit code in the next 30 days. | |
| MS12-083(IP-HTTPS Security Feature Bypass) | Attacker having a legitimately issued but hence revoked computer certificate able to establish a DirectAccess tunnel to gain access to a corporate Intranet. | Important | N/A | Not Applicable - Security Feature bypass only with no direct code execution potential. | This attack is only possible after attacker obtains a revoked computer certificate that is trusted by the IP-HTTPS server. |
- Jonathan Ness, MSRC Engineering