According to Microsoft, the company has already observed targeted malware attacks taking advantage of the MS12-027 vulnerability. In order to mitigate the risks posed by these currently circulating targeted attacks, the company is advising users to disable the ActiveX controls via the Trust Center Settings > ActiveX Settings, option.
The patched vulnerabilities are as follows:
- MS12-023 - Cumulative Security Update for Internet Explorer (2675157)
- MS12-024 - Vulnerability in Windows Could Allow Remote Code Execution (2653956)
- MS12-025 - Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
- MS12-027 - Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
- MS12-026 - Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
- MS12-028 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
The severity and exploitability of these flaws is as follows:
End and corporate users are advised to update their PCs as soon as possible to prevent the likelihood of a successful remote exploitation thanks to these vulnerabilities.