Microsoft released 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments: MS10 - 052, 055, 056, MS10-060, 052, 060, 054, 053, 051, 049, 050, 057, 048, 058, 059, and 047none of the vulnerabilities addressed has been observed under exploit in the wild. In the video, Jerry Bryant and Adrian Stone talk about why these four are at the top of our priority list:
Microsoft posted an update about a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems—MSRC says that this's a "local elevation of privilege vulnerability only. This type of issue allows attackers to gain system-level privileges after they've already obtained an account on the target system. For this issue to be exploited, an attacker must have valid log-on credentials on target system and be able to log on locally, or must already have code running on target system. The vulnerability cann't be exploited remotely, or by anonymous users. We'll not be releasing a security advisory for this issue, but it'll be included in a future security update."