Patch MS12-027 Now--Zero Day Flaw Being Actively Exploited

10.04.2012
Today is the second Tuesday of April, and that means it's Patch Tuesday. This month Microsoft released a total of six security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild.

Four of the six security bulletins are rated as Critical by Microsoft, with the remaining two ranked as Important. The Critical security bulletins include a fix for Windows and the .NET framework, as well as the perennial favorite--the cumulative update for . The biggest deal, though, is MS12-027, which addresses a critical flaw in Windows Common Controls.

Andrew Storms, director of security operations for , declares MS12-027 is the "deploy now" patch of the month. The Windows Common Controls are widely used throughout the Microsoft ecosystem, so there isn't much that isn't potentially impacted by this one.

Storms adds, "It gets worse: Microsoft has already seen exploits for this vulnerability in the wild in limited attacks."

In , VMware's Jason Miller explains that the MS12-027 flaw can be exploited by simply visiting a malicious website using Internet Explorer, or by opening a file attachment with an embedded malicious ActiveX control.

Miller agrees with Storms, and emphasizes, "As Microsoft has already seen active exploits against this vulnerability and it contains a Web browsing scenario, it will be critical to push this patch out to your desktop systems as soon as possible."