Today we released nine security bulletins addressing 16 CVE’s. Three of the bulletins have a maximum severity rating of Critical and the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
All active attacks we have seen leveraged MSXML version 3. MSXML versions 3, 4, and 6 are addressed with this update. MSXML 5 will be addressed in a future security update.
Read this SRD blog post for more information about the mitigating factors making the MSXML 5 less severe than other versions of the product.
(DLL Preloading in Visual Basic for Applications [VBA])
Affects only a subset of locales where IMESHARE.DLL is not present by default, primarily far eastern locales. Does not, for example, affects English locale installations by default.
(Windows drivers [win32k.sys])
(SSL / TLS)
(Mac Office installer)
Today we’re releasing Security Advisory 2719662, which allows system administrators to disable the Windows Sidebar and Gadgets on supported versions of Windows Vista and Windows 7 with one Fix it click. And we are releasing Security Advisory 2728973 announcing the availability of an update that moves additional certificates into the Untrusted Certificate Store. This SRD blog post provides additional information about the digital certificates advisory.
- Jonathan Ness, MSRC Engineering