The good news, if you can call it good news, is that only three of the 14 security bulletins are rated as Critical. The bad news is that all of the remaining 11 are still rated as Important, and some of the vulnerabilities addressed in the Important security bulletins could be very attractive to would-be attackers.
The 14 security bulletins are comprised of seven impacting Windows, five related to Microsoft Office, one dealing with Windows Media Player, and the consistent monthly update for Internet Explorer. As per usual, the flaws identified tend to impact legacy software like Windows XP and Internet Explorer 6 more than current products.
Another spark of good news is that it appears that Microsoft will issue a patch for the vulnerability exploited by the Duqu worm
. While the information in the security bulletin advance notification from Microsoft is intentionally vague, Rapid7
security researcher Marcus Carey points out that Bulletin 1 seems to address the same flaw being exploited, and that it requires a reboot--indicating that it is likely a kernel level patch.