Microsoft’s Patch Tuesday is a relatively minor one, with a single bulletin
rated “critical” and two “important.” Affected software
includes applications within Windows and Office.
MS11-015 update, rated “Critical,” patches vulnerabilities in
DirectShow, Windows Media Player and Windows
Media Center.
In order for an outside entity to exploit said vulnerabilities, the user would
need to open a specially crafted Microsoft Digital Video Recording (DVR-MS)
file.
“The lone critical issue this month — the DVR-MS vulnerability — will be
somewhat trivial for attackers to exploit,” Joshua Talbot, security
intelligence manager for Symantec Security Response, wrote in a March 8 e-mail.
“It also allows attackers to skip a few of the traditional steps needed to
get malicious code to execute on a targeted computer. This is because when
processing DVR-MS files, Windows Media Player and Media
Center use data in these files
themselves to determine what code in memory gets executed.”
For more, read the eWEEK article: Microsoft Patches Windows, Office Vulnerabilities.