Microsoft has released the seven updates included in this month's Patch Tuesday cycle and addressing 12 vulnerabilities in Windows, Internet Explorer, Word and Windows Server. Microsoft recommends users to prioritize installation of two critical updates aimed at Internet Explorer and Microsoft Word.
Update MS12-077 is supposed to fix an Internet Explorer flaw that has been found in absolutely all versions of the browser.
"You'll notice there is no severity rating for IE versions prior to IE 9. On these versions, the update is a defense-in-depth change only. Although there are no known attack vectors for these versions, we still recommend that our customers using these versions apply the update."
Update MS12-079 is designed to fix a security vulnerability in Microsoft Word that would allow remote code execution.
"An attacker could run code in the context of the logged-on user if they were to open a specially crafted Rich Text Format (RTF) file, or preview or open a specially-crafted RTF email message in Outlook while using Microsoft Word as the email viewer. This issue was privately disclosed and were not aware of any attacks or customer impact."
Security Bulletin Summary