Microsoft Security Bulletin Summary for December 2012 contains seven bulletins: five critical and two important. The key takeaway for this month's patch cycle is that most of the impact of these vulnerabilities can be drastically minimized if the "least privilege" principle is enforced in organizations. It's always a good idea to look at the proliferation of administrative accounts, and many organizations can bring in the new year with fresh patches and fewer administrative accounts.
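One concrete way to act on that takeaway, as an added example that is not part of the original post: enumerate the local Administrators group on a list of hosts and flag any member that is not on an approved allow-list. The host names and the allow-list are constructed placeholders; the script uses the WinNT ADSI provider, which works on the Windows versions these bulletins cover without extra modules.

```powershell
# Added example: audit local Administrators group membership against an allow-list.
# Host names and the allow-list below are constructed placeholders.
$Hosts     = @('WKS-001', 'WKS-002', 'SRV-EXCH01')
$AllowList = @('Administrator', 'Domain Admins', 'Workstation Admins')

function Get-LocalAdminMembers {
    param([string]$ComputerName)
    # The WinNT provider needs no ActiveDirectory module and runs on 2012-era hosts
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        # Each member is a COM object; read its Name and ADsPath via reflection
        $name = $_.GetType().InvokeMember('Name',    'GetProperty', $null, $_, $null)
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        [pscustomobject]@{ Computer = $ComputerName; Member = $name; Path = $path }
    }
}

$findings = foreach ($h in $Hosts) {
    try {
        Get-LocalAdminMembers -ComputerName $h |
            Where-Object { $AllowList -notcontains $_.Member }
    } catch {
        Write-Warning "Could not query $h : $($_.Exception.Message)"
    }
}

# Unexpected members are candidates for removal; users who need admin rights
# occasionally should get a separate admin account rather than daily-use admin.
$findings | Sort-Object Computer, Member | Format-Table -AutoSize
```

Run it from an account that can read group membership on the target hosts; hosts that cannot be reached are reported as warnings rather than silently skipped.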
MS12-077 is a cumulative security update for Internet Explorer and should be the first to-do. This security update resolves three privately reported vulnerabilities in Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same rights as the victim. Since many users run with unnecessarily escalated privileges, attackers frequently achieve administrative rights by tricking a victim into visiting a malicious site.
MS12-079 is a critical bulletin that affects Microsoft Office. This one is interesting from an attacker perspective as a victim can be compromised if they preview or open an email message in Outlook while using Microsoft Word as the email viewer. Since it involves Outlook, which is a primary business tool in many organizations, this would be number two on my to-do list.
MS12-080 is interesting because it fixes vulnerabilities in Microsoft Exchange Server 2007 Service Pack 3, Microsoft Exchange Server 2010 Service Pack 1, and Microsoft Exchange Server 2010 Service Pack 2. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could compromise an Exchange server if a user previews a malicious file using Outlook Web App (OWA). The attacker would initially have limited privileges, but for an experienced attacker it is fairly trivial to escalate from there.
MS12-078 affects all Windows platforms and requires an attacker to convince users to visit a malicious website. This type of attack usually involves social engineering and phishing emails.
MS12-081 is also rated as a critical Windows update and will affect most consumers and enterprises. An attacker could compromise a victim if the user browses to a folder that contains a file or subfolder with a specially crafted name. The security update addresses the vulnerability by modifying the way that Windows handles files with specially crafted names.
MS12-082 is rated as important and affects all supported Microsoft operating systems except Windows RT. The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. This type of vulnerability is primed for spear phishing attacks, though an attacker would initially be limited to the victim's privileges.
MS12-083 is important, but only affects Windows Server 2012 and Windows Server 2008 R2. It could allow an attacker to bypass authentication with revoked credentials. While it sounds interesting, this attack shouldn't affect most organizations since it is such a narrow attack vector.