Assessing risk for the February 2012 security updates - Security Research & Defense - Site Home

Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin	Most likely attack vector	Max Bulletin Severity	Max Exploit-ability	Likely first 30 days impact	Platform mitigations and key notes
MS12-010 (Internet Explorer)	Victim browses to a malicious website.	Critical	1	Likely to see exploit code developed in next 30 days.
MS12-013 (C Runtime [msvcrt.dll])	Victim browses to a malicious website or opens a malicious media file.	Critical	1	Likely to see exploit code developed in next 30 days.	See this blog post for more information about the attack surface.
MS12-016 (.NET, Silverlight)	Victim browses to a malicious website with a Silverlight-enabled browser.	Critical	1	Likely to see exploit code developed in next 30 days.	CVE-2012-0015, the publicly disclosed vulnerability, does not affect Silverlight or the latest version of the .NET Framework. CVE-2012-0014 does not affect any ASP.NET scenario running at Medium Trust or Lower.
MS12-008 (Kernel Mode Drivers)	Attacker logs-in locally to a machine and exploits the vulnerability to elevate to a higher privilege level.	Critical	1	Likely to see exploit code developed in next 30 days for local elevation of privilege.	The only Critical-class vulnerability addressed in this bulletin is much more difficult to exploit. It has a “2” Exploitability Index Rating.
MS12-009 (AFD.sys)	Attacker logs-in locally to a machine and exploits the vulnerability to elevate to a higher privilege level.	Important	1	Likely to see exploit code developed in next 30 days for local elevation of privilege.	One of the two vulnerabilities affects only Windows Server 2003. The other vulnerability is exploitable for local elevation of privilege on 64-bit platforms only.
MS12-015 (Visio Viewer)	Victim opens a malicious Visio document (VSD) in Visio Viewer.	Important	1	Likely to see an exploit developed in next 30 days.	Visio itself is not affected, only the Viewer.
MS12-011 (SharePoint)	Attacker sends victim a link exploiting a Cross-Site Scripting (XSS) vulnerability on a SharePoint server for which they have access rights. When the victim clicks the link, an automatic action is taken on their behalf on the SharePoint server that they otherwise might not have wanted to execute.	Important	1	Likely to see a XSS exploit developed in next 30 days (no exploit here for code execution on the SharePoint server itself).	The IE XSS Filter (on by default on IE8 and IE9) blocks attempts to exploit these vulnerabilities.
MS12-014 (Indeo)	Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share.	Important	1	Likely to see an exploit developed in next 30 days.	You can read more background on this DLL Preloading vulnerability and the fix method on this SRD blog post.
MS12-012 (ColorUI)	Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share.	Important	1	Likely to see an exploit developed in next 30 days.	Does not affect client SKU’s (XP, Windows 7, etc). Only affects Windows Server 2008 and Windows Server 2008 R2 because the DLL was removed. However, DLL Preloading vulnerabilities like this one are less likely to be exploited on server platforms due to the extensive user interaction required.

- Jonathan Ness, MSRC Engineering