Today we released thirteen security bulletins addressing 47 CVE’s. Four bulletins have a maximum severity rating of Critical while the other ten have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes
MS13-069

(Internet Explorer)

Victim browses to a malicious webpage. Critical 1 Likely to see reliable exploits developed within next 30 days.
MS13-068

(Outlook)

Victim views or previews email having a large number of embedded S/MIME certificates. Critical 2 Unlikely to see reliable exploit code within 30 days. We’ve written a blog post describing the difficulty attackers would have in exploiting this for code execution: http://blogs.technet.com/b/srd/archive/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook.aspx
MS13-067

(SharePoint)

Attacker engaged in a session with victim SharePoint server tampers with the viewstate value used to maintain state, potentially resulting in code execution server-side. Critical 1 Likely to see reliable exploits developed within next 30 days. By default, SharePoint requires users (including attackers) to authenticate. This is not a pre-authentication vulnerability unless the SharePoint server is configured to not require authentication.
MS13-070

(OLE32)

Victim opens malicious Visio file. Critical 1 Likely to see reliable exploits developed within next 30 days. Most likely to be exploited via Visio attack vector. But vulnerability is also reachable via shell (Explorer) preview functionality.
MS13-072

(Word)

Victim opens malicious Word document. Important 1 Likely to see reliable exploits developed within next 30 days. Office 2013 not affected.
MS13-073

(Excel)

Victim opens malicious Excel spreadsheet. Important 1 Likely to see reliable exploits developed within next 30 days.  
MS13-074

(Access)

Attacker lures victim to double-clicking a malicious Access database (.accdb) Important 1 Likely to see reliable exploits developed within next 30 days.  
MS13-076

(win32k.sys)

Attacker who is already running code on a machine uses this vulnerability to elevate from low-privileged account to SYSTEM. Important 1 Likely to see reliable exploits developed within next 30 days.  
MS13-079

(Active Directory)

Attacker sends malicious LDAP request to a domain controller, resulting in a denial of service condition. Important n/a Denial of service only.  
MS13-071

(Windows Theme)

Attacker lures victim to double-clicking a malicious .theme file. Important 1 Likely to see reliable exploits developed within next 30 days. Does not affect Windows 7 or later platforms.
MS13-075

(IME)

Attacker who is already running code on a machine uses this vulnerability to elevate from low-privileged account to SYSTEM. Important 1 Likely to see reliable exploits developed within next 30 days.  
MS13-077

(Windows Service Control Manager)

Attacker able to modify the registry on a system uses this vulnerability to elevate from low-privileged account to SYSTEM. Important 2 Less likely to see reliable exploits developed within next 30 days.  
MS13-078

(FrontPage)

Victim opens malicious XML document in FrontPage, leads to information disclosure. Important n/a Information Disclosure only  

- Jonathan Ness, MSRC Engineering