Today we released eight security bulletins. Two have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes
MS11-081
(Internet Explorer)
Victim browses to a malicious website. Critical 1 Likely to see reliable exploits developed in the next 30 days.  
MS11-078
(Silverlight, .NET framework)
Victim browses to a malicious webpage with Silverlight-enabled browser. Critical 1 Likely to see reliable exploits for Silverlight 3 in next 30 days. Underlying issue present in .NET Framework and later versions of Silverlight (4+) but more difficult to exploit for code execution.
MS11-077
(Win32k.sys)
Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level. Important 1 Likely to see an exploit developed for local elevation of privilege in next 30 days.  
MS11-080
(AFD.sys)
Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level. Important 1 Likely to see an exploit developed for local elevation of privilege in next 30 days. Vista and later platforms not affected due to IO manager hardening.
MS11-075
(DLL Preloading)
Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share. Important 1 Likely to see reliable exploits developed in the next 30 days.  
MS11-076
(DLL Preloading)
Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share. Important 1 Likely to see reliable exploits developed in the next 30 days.  
MS11-079
(Forefront Unified Access Gateway [UAG])
Attackers sends malicious XSS link to a Forefront UAG administrator. Admin clicks link which takes action on the UAG portal in the admin’s context. Important 1 Likely to see exploit for information disclosure released in next 30 days.  
MS11-082
(Host Integration Server)
Attacker sends malicious stream of network packets to Host Integration Service causing a denial of service. Important 3 Any exploit developed could only be used for denial of service.  

- Jonathan Ness, MSRC Engineering