Today we released nine security bulletins addressing 37 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
Our repro is via Office document (Important class vector) not via ActiveX control but we believe the code is reachable via ActiveX.
(Kernel mode drivers [win32k.sys])
(SQL Server denial-of-service)
(.NET Framework 2.0 ASLR bypass)
(LRPC ASLR bypass)
- Jonathan Ness, MSRC