March Microsoft Patches

As expected, 3 patches were released for 4 known vulnerabilities.  All of the security bulletins in this month’s update address remote code execution risks, which is the most serious risk associated with Windows systems and applications.  All three fixes in the March security update may require a restart.

Here is the breakdown:

  • MS11-015 – This one is rated as CRITICAL.  It affects Windows XP, Windows Vista, Windows 7 and Windows Server 2008.  One of the two vulnerabilities described by this bulletin is another DLL Preloading issue, similar to those patched in December and January.  This one affects Microsoft DirectShow in all supported versions of Windows. 
    • The second vulnerability addressed by this patch affects dvr-ms file format in all supported versions of Windows.
  • MS11-016 – This single vulnerability is another DLL Preloading issue, affecting Microsoft Groove 2007.  As with previous vulnerabilities, successful exploitation of this issue requires the attacker to entice the user to open a file from a WebDAV or SMB share.  Groove has now been integrated into SharePoint Workspace, and is an application for project management and workflow collaboration.  A specially crafted library file would have to be present for an attack to be successful.
  • MS11-017 – This single vulnerability is yet one more DLL Preloading issue, affecting the Microsoft Remote Desktop Client.  Again, successful exploitation of this issue requires the attacker to entice the user to open a file from a WebDAV or SMB share.

Exploiting the DLL flaws would require some work on the part of an attacker, who would need a user to take some odd steps, like opening malicious files from SMB or WebDAV servers or shares.  The chatter among security experts seems to be more about what Microsoft didn’t include than what was actually patched, especially a critical MHTML flaw in Internet Explorer.  A workaround for the flaw has been released in security advisory 2501696 announced in January, so the pressure is off to develop a patch.

Remote Code Execution is a serious issue.  Time to patch those systems, no matter how hard these may appear to be to exploit.