Let's start with Microsoft. There are nine , which resolve 26 different vulnerabilities. There are five rated as Critical--including a patch for Internet Explorer for the third consecutive month--and four Important.
Tyler Reguly, director of security research and development for , says, "The most interesting thing this month is the release of patches for two wormable issues, MS12-053 and MS12-054. These only affect the oldest-supported Windows platforms and really speaks well of the improvements Microsoft has made to their security efforts over the years."
Andrew Storms, director of security operations for nCircle agrees with Reguly, stressing the potential impact of MS12-053. "This one has the potential for serious impact because it is network aware and no authentication is required. If you have XP on your network, then get the mitigations for this one installed ASAP."
This is particularly relevant considering the imminent release of Windows 8. Microsoft and security experts have been stressing for years that older Windows platforms and software may still work in the technical sense, but they simply . Businesses and consumers alike should seriously consider taking advantage of the .
In his blog, CTO Wolfgang Kandek describes MS12-060. " fixes a vulnerability that is already being exploited in the wild. The vulnerability is located in the Windows Common Control and can be triggered through Office documents and through malicious web pages. The currently known attacks have been targeting Word and WordPad through RTF files attached to e-mail messages."
Storms points out the silver lining for MS12-060. "There is some good news this month--that the attack vector associated with the MSCOMCTL patch is an RTF file--and the victim has to explicitly open the file to allow the exploit. If you can't get this patch rolled out or mitigation applied quickly, you should remind users about the dangers of opening attachments from unknown persons."
As if the Microsoft security bulletins aren't enough to keep IT busy for a while, of Adobe Acrobat, Reader, Shockwave, and Flash to patch security holes in those products as well.
Check out the details of the Microsoft and Adobe security bulletins to figure out which ones apply to you, and prioritize the patches that are most critical or have the greatest potential to impact your PCs.