Microsoft Releases Patches for Office, Windows
Modernizing Authentication — What It Takes to Transform Secure Access
Microsoft's Patch Tuesday is a relatively minor one, with a single bulletin rated "critical" and two "important." Affected software includes applications within Windows and Office.
The MS11-015 update, rated "Critical," patches vulnerabilities in DirectShow, Windows Media Player and Windows Media Center. In order for an outside entity to exploit said vulnerabilities, the user would need to open a specially crafted Microsoft Digital Video Recording (DVR-MS) file.
"The lone critical issue this month -- the DVR-MS vulnerability -- will be somewhat trivial for attackers to exploit," Joshua Talbot, security intelligence manager for Symantec Security Response, wrote in a March 8 e-mail. "It also allows attackers to skip a few of the traditional steps needed to get malicious code to execute on a targeted computer. This is because when processing DVR-MS files, Windows Media Player and Media Center use data in these files themselves to determine what code in memory gets executed."