First let’s start off by asking the question that is on everyone’s mind this day each month. Did you update your computer with the Patch Tuesday updates that were released by Microsoft today?
This was a small batch – just three updates as we previously discussed. Now more of the details are out since the updates are publicly available for systems.
MS11-015 – Addresses vulnerabilities in Microsoft Windows
This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
This security update is rated Critical for affected editions of Windows XP (including Windows XP Media Center Edition 2005); all supported editions of Windows Vista and Windows 7; and Windows Media Center TV Pack for Windows Vista. This security update is also rated Important for all supported editions of Windows Server 2008 R2 for x64-based systems.
MS11-016 – Addresses a vulnerability in Microsoft Office
This security update resolves a publicly disclosed vulnerability in Microsoft Groove that could allow remote code execution if a user opens a legitimate Groove-related file that is located in the same network directory as a specially crafted library file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Groove 2007 Service Pack 2.
MS11-017 – Addresses a vulnerability in Microsoft Windows
This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
This security update is rated Important for Remote Desktop Connection 5.2 Client, Remote Desktop Connection 6.0 Client, Remote Desktop Connection 6.1 Client, and Remote Desktop Connection 7.0 Client.