Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
(C Runtime [msvcrt.dll])
CVE-2012-0014 does not affect any ASP.NET scenario running at Medium Trust or Lower.
(Kernel Mode Drivers)
The other vulnerability is exploitable for local elevation of privilege on 64-bit platforms only.
Only affects Windows Server 2008 and Windows Server 2008 R2 because the DLL was removed. However, DLL Preloading vulnerabilities like this one are less likely to be exploited on server platforms due to the extensive user interaction required.
- Jonathan Ness, MSRC Engineering