Assessing risk for the April 2012 security updates - Security Research & Defense - Site Home

Today we released 6 security bulletins. Four have a maximum severity rating of Critical with the other two addressing Important class vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin	Most likely attack vector	Max Bulletin Severity	Max Exploit-ability Rating	Likely first 30 days impact	Platform mitigations and key notes
MS12-027 (Windows Common Controls)	Attackers have leveraged this vulnerability in limited, targeted attacks by emailing malicious RTF file to victims. Victim opens RTF in WordPad or Word, triggering code execution in context of logged-on user.	Critical	1	Limited, targeted attacks in the wild currently.	See this SRD blog post for more detail about this specific vulnerability, the targeted attacks we have seen, and security hardening advice for this class of attack.
MS12-023 (Internet Explorer)	Victim browses to a malicious webpage.	Critical	1	Likely to see reliable exploits developed within next 30 days.
MS12-024 (Authenticode)	Attacker tricks victim into running an executable that appears to be from a trusted source and passes Authenticode check but is actually malicious.	Critical	1	Likely to see reliable exploits developed within next 30 days.
MS12-025 (.NET Framework)	Victim browses to a malicious website that attempts to run a .NET XBAP managed code application on the victim’s system. A security warning will prevent unwitting execution of XBAP applications in the Internet Zone.	Critical	1	Less likely to see significant real-world exploitation due to security warning. Likely to see working proof-of-concept code within next 30 days.	See this SRD blog post for more detail about this security prompt (introduced with MS11-044).
MS12-028 (Office Works Converter)	Victim opens malicious .WPS file.	Important	1	Less likely to see significant real-world exploitation due to limited set of affected products. Likely to see working proof-of-concept code within next 30 days.
MS12-026 (Forefront Unified Access Gateway [UAG])	On systems acting as both UAG and UAG DirectAccess server, remote attacker may be able to bypass UAG access checks and gain access to content served by the webserver that they otherwise might not have permission to access. This is a potential information disclosure vulnerability.	Important	N/A	Less likely to see significant real-world exploitation.

- Jonathan Ness, MSRC Engineering