Patch Tuesday March 2011

Microsoft is releasing a relatively low number of three security bulletins covering four vulnerabilities in March’s Patch Tuesday 2011.

Of the three bulletins, only one is of critical severity: MS11-015. It addresses a vulnerability in Windows Media Player that can be exploited when playing a specially crafted media file of type "dvr-ms". Microsoft normally rates this type of file format vulnerabilities as only "important" because user interaction is required. However this particular flaw has a component that allows for an attack through a browser link and allows its exploitation in automated "drive-by" fashion. We recommend patching immediately for MS11-015.

The remaining three vulnerabilities are all of the DLL pre-loading type and fix problems in DirectShow (MS11-015), Microsoft Office Groove 2007 (MS11-016) and RDP client (MS11-017). This current strain of DLL pre-loading vulnerabilities was first identified in August of 2010 and plagues a large number of software packages, some from Microsoft and many from third party vendors. Addressing all of the vulnerabilities is a daunting task and will not be completed any time soon, so we recommend implementing the guidelines laid out in KB2269637 that provide an additional safety-net on the operating systems for all Windows applications.

If this Patch Tuesday has left you with some time to spare, consider evaluating your installed base of Internet Explorer 6. At its web site, Microsoft is now actively campaigning for you to discontinue IE6: http://www.ie6countdown.com/ with the goal to get the current figure of 12% down to 1%. We still see much higher numbers in our scans with Q4 2010 still showing over 26% of machines sporting IE 6.