Today we released seven security bulletins addressing 12 CVEs. Five of the bulletins have a maximum severity rating of Critical, and two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max XI | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS12-077 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Internet Explorer versions 6, 7, and 8 are offered this update only to block a defense-in-depth attack vector whereby an attacker could convince a victim to trigger an XSS vulnerability by copy-pasting JavaScript into the URL field. |
| MS12-079 (Word) | Victim opens a malicious RTF file attachment or previews a rich text email in the Outlook preview pane with Word set as default viewer, resulting in potential code execution in the context of the logged-on user. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Reading email in plaintext mitigates the potential Outlook Preview Pane attack vector. |
| MS12-081 (Windows File Handling) | Victim navigates to a malicious WebDAV or SMB share and encounters a maliciously crafted Unicode filename. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS12-078 (Windows font drivers – ATMFD & win32k.sys) | Most likely attack vector is an attacker who is already running code on a machine leveraging the vulnerability to elevate from a low-privileged account to SYSTEM. | Critical | 1 | Likely to see an exploit released granting a local attacker SYSTEM level access. | One of the two CVEs is usable for denial-of-service only. The other (CVE-2012-4786) could potentially be embedded in either an Office document or a PDF file. |
| MS12-080 (Oracle Outside In for Exchange) | Attacker sends email with malicious attachment and lures victim to view the attachment as a webpage within Outlook Web Access. The attacker could potentially compromise the server-side process generating the web page. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Oracle Outside In process runs at a lower privilege level, LocalService. For more background information, please see this SRD blog post. |
| MS12-082 (DirectPlay) | Victim opens a malicious Office document having an embedded ActiveX control, resulting in potential code execution in the context of the logged-in user. | Important | 2 | Will be difficult to build a reliable exploit for this vulnerability. Less likely to see consistently working exploit code in the next 30 days. | |
| MS12-083 (IP-HTTPS Security Feature Bypass) | Attacker holding a legitimately issued but since revoked computer certificate is able to establish a DirectAccess tunnel to gain access to a corporate Intranet. | Important | N/A | Not Applicable – Security Feature bypass only with no direct code execution potential. | This attack is only possible after the attacker obtains a revoked computer certificate that is trusted by the IP-HTTPS server. |
– Jonathan Ness, MSRC Engineering