From Eric Schultze, our patch expert:
Looks like MS06-040, MS06-041, MS06-042 are most "dangerous" in the sense that they might be "wormable" in combination. Exploit code exists in the wild for MS06-040 - so this is the one that might be most important to install first. Although of these 12 bulletins, I'd say 9 or 10 of them are "very high priority" for testing and deployment ASAP. (Least concerned about MS06-044, MS06-045, MS06-049)
(** means exploit code exists for this issue)
** MS06-040 - Remote buffer overflow in Server Service. Exploit code exists in the wild for this issue - important to patch this one right away. Server service provides file and printer sharing and logon services to both workstations and servers. Only known workaround is to block ports 139 and 445. All Operating Systems at risk, although Windows 2000 systems may be most at risk. Different vuln than in MS06-035 (both must be installed to fully protect).
MS06-041 - DNS - Requires user to load/preview specially crafted email/website. Registry modification workaround is available in the security bulletin. This attack will only work on the local subnet. Potential worm combination. Affects all Windows releases.
** MS06-042 - IE rollup - fixes 7 vulns total of which 4 remotely exploitable - 1 publicly disclosed with proof of concept code. Will probably become a major spyware vector. Affects all supported IE versions.
** MS06-043 - Outlook Express 6/MHTML parse error - In order to be exploited, a user must view a malicious web page or read an evil html-formatted email. Publicly reported. Proof of concept code has been released.
MS06-044 - MMC embedded HTML parse error - Affects Windows 2000 only. IE6 SP1 lessens impact - In order to be exploited, a user must view a malicious web page or read an evil html-formatted email.
MS06-045 - This is a bug in drag and drop event handling. This is rated important and impacts all Operating Systems. As a workaround, you can disable WebDAV to eliminate vuln until patch is applied. Requires user to OK several post-exploit actions in order to exploit a system.
MS06-046 - This is a vulnerability in ActiveX HTML help control. As a workaround, you can disable HTML help, prompt for ActiveX. In order to be exploited, a user must view a malicious web page or read an evil html-formatted email. This exploit has been publicly disclosed, though no proof of concept code has been released at this time.
** MS06-047 - Visual Basic for Apps - Affects Office XP and Office 2000 and related components. In order to be exploited, a user must open a malicious Office document. This issue has been publicly disclosed and is being actively exploited on the Internet.
** MS06-048 - PowerPoint - This issue affects PowerPoint 2000, XP, 2003 + Mac. In order to be exploited, a user must open a malicious Office document. This issue has been publicly disclosed and is being actively exploited on the Internet.
MS06-049 - Kernel issue. This impacts Windows 2000 only. Attacker must log on to the system in order to exploit this issue. This is a privilege escalation vulnerability where a user may elevate their permissions to that of administrator.
MS06-050 - Hyperlink Object Library. This affects all Operating Systems. A user must click a malicious link in order to be exploited. As a workaround, you can disable hyperlink clicking via registry (though this may confuse users).
MS06-051 - Remote kernel exploit. This affects all Operating Systems. 2 vulns - User profile elevation only affects Windows 2000 and requires the attacker to log on to the system. The second issue is an unhandled exception and requires user to visit malicious web site.