Today we released nine security bulletins addressing 13 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
(Remote Desktop Client ActiveX control)
Does not affect version 8 of the RDP client, distributed by default with Windows 8 and Windows Server 2012 and available for Windows 7 SP1 and Windows Server 2008 R2 SP1.
(Active Directory DoS)
(Windows Defender Anti-malware)
Unlikely to see wide-spread infection as low privileged users do not have permission to write to root of system drive by default.
(SharePoint Server 2013)
Unlikely to see wide-spread use of this vulnerability as it only affects SharePoint sites that were created in a non-default way.
Sites created on a clean/new installation of SharePoint Server 2013 or sites created using the default user interface after a SharePoint Server upgrade are not affected.
Unlikely to see wide-spread infection as only non-default scenario affected for potential code execution.
- Jonathan Ness, MSRC Engineering