Today we released thirteen security bulletins. Three have a maximum severity rating of Critical, and the other ten have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
The browser-based attack vector is more difficult to both trigger and exploit than the Office document attack vector. Successful exploitation results in code running as SYSTEM.
See this SRD blog post for more information about attack vectors and workarounds.
IE7 and later have disabled this particular binary behavior already.
See this SRD blog post for more information about this binary behavior and why we are disabling it via a killbit security update.
Thanks to the entire MSRC Engineering team for the hard work on these cases!!
- Jonathan Ness, MSRC Engineering