March Microsoft Patch Tuesday

Posted on March 9th, 2011 by Benjamin Harbin

Microsoft has announced three new patches today to fix three vulnerabilities, including one that could allow remote code execution. One patch is rated Critical by Microsoft and affects Microsoft Windows. The other two patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office. Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s March Security Bulletin. Summary information is included below:

  • Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) (MS11-015) – This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
  • Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) (MS11-017) – This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
  • Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047) (MS11-016) – This security update resolves a publicly disclosed vulnerability in Microsoft Groove that could allow remote code execution if a user opens a legitimate Groove-related file that is located in the same network directory as a specially crafted library file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Gladiator recommends that users patch their systems immediately for MS11-015.  All other patches can be applied during your normal patch window.
