Looking at the Microsoft Security Bulletin for May 2012 just issued this afternoon I suspect we will see a lot of noise regarding Bulletins 1, 2 and 3. However, it would be dangerous for IT professionals to not take Bulletins 6 and 7 quite seriously simply because they relate to Elevation of Privilege. Their common misperception is that no attacker will ever gain the initial foothold needed to be able to perform elevation of privilege, which is to take limited control of a system and elevate it into full control of the system. However, in today’s aggressive times, the mature security professional recognized is that compromise in inevitable and containment is key. After all, it is not realistic to think you can contain someone if they have full control of your system Bulletins 1, 2 and 3 will receive a lot of attention because they relate to remote code vulnerabilities. Here is my order of excitement among them:
Bulletin 2 is especially interesting as it is remote code execution for Windows desktop operating systems, Windows Server operating systems, and the last three versions of the Microsoft Office suite. This really is a triple threat. It seems as though an attacker could take advantage of this vulnerability through e-mail based attacks, drive by downloads, and potentially across the network. That fact is probably going to boost this as the number one patch to be applied based on the information provided by today’s Advance Notification.
Bulletin 3 seems to be a classic remote code execution for Windows desktop and server operating systems. If this is truly exploitable it will most likely be easily dropped into the attack tools being used by the bad guys so they can leverage it very quickly and easily.
Bulletin 1 affects Microsoft Office and is our old friend, the client-side attack. Again, the attackers have frameworks built to leverage client-side vulnerabilities. If a working exploit for this vulnerability is created, expect to see an initial flurry of attacks leveraging it. All in all, seven bulletins is not a large load compared to other Patch Tuesdays. But there is enough here to keep exploit writers and network admins busy for a while. The real exciting element is seeing who will finish their work first.