by Chester Wisniewski
Two vulnerabilities are fixed in MS12-064, this months only critical bulletin. The flaws affect users of Microsoft Word and Word Viewer for Windows and can lead to remote code execution (RCE) if a victim were to open a booby-trapped document.
MS12-065 addresses an RCE vulnerability in Microsoft Works 9 and MS12-066 fixes an elevation of privilege (EoP) flaw in Microsoft Infopath, Sharepoint, Groove, Communicator and Lync.
Microsoft FAST Search Server for Sharepoint was patched against 13 RCE vulnerabilities in MS12-067, while Windows XP, 2003, 2008, 2008 R2, and 7 were patched against an EoP flaw in MS12-068.
MS12-069 resolves a denial of service (DoS) condition in Windows 7 and 2008 R2, while MS12-70 resolves an EoP flaw in Microsoft SQL Server 2000-2012.
Without a question the most serious of these is MS12-064, but as usual all these patches should be deployed as quickly as possible.
Perhaps you roll out these updates with the critical fixes Adobe released yesterday for Flash player.