Tuesday Fun With Microsoft


Give it up for Patch Tuesday, everyone’s favorite day of the month. Try and contain your excitement.

Microsoft Patch Tuesday Targets Four Bugs, One Critical

Microsoft on Tuesday issued three security bulletins that tackle four vulnerabilites. Just one of the vulnerabilities is rated critical. The other three are essentially the same bug, despite the fact that they affect three different products.

The first bug, MS11-015, describes two vulnerabilities in Windows Media. One, the only rated critical in this group, is a bug in Windows Media Center and Windows Media Player related to the handling of .dvr-ms files. It can lead to remote code execution in the context of user.

The other Windows Media bug, specifically in Microsoft DirectShow, is another instance of the insecure DLL loading bug that Microsoft and other vendors have been fixing for months. MS11-016 describes this bug in Microsoft Groove 2007 and MS11-017 describes it in the Windows Remote Desktop client.

Microsoft also released non-security updates today, including the monthly Windows Malicious Software Removal Tool, the update for the Windows Mail Junk E-mail Filter, and an update “to resolve issues” in Windows 7 and Windows Server 2008 R2.

See also:
Microsoft Security Bulletin Summary for March 2011
Microsoft Fixes Four Flaws
Microsoft patches critical Windows drive-by bug
Microsoft fixes critical Windows hole, others
Microsoft Patch Tuesday – three fixes for March, one critical, all ring coding alarms
Patch Tuesday: Gaping security hole in Windows Media Player
Critical Patch Tuesday Flaw Easy to Exploit
Go Plug Your Critical Hole
Microsoft Patch Tuesday leaves MHTML bug unchecked
Zero-day IE flaw not in Microsoft Patch Tuesday
Patch Tuesday Will Skip IE Before PWN2OWN Contest
March Patch Tuesday leaves IE unpatched for Pwn2Own hackers
Microsoft Releases Zero IE8 Security Updates Before “Pwn2Own” Browser Hacking Contest
Windows fix on Patch Tuesday ‘breaks’ VMware software
Microsoft Windows 7 Patches Wreak Havoc With VMware View
Windows 7 Update Breaks VMware Connection
Windows Update

As usual, Microsoft releases a patch that doesn’t even fix all the known issues and doesn’t play well with third party software. Particularly amusing is the fact that Microsoft is waiting to issue further patches until after a hacker contest is over fearing, with good reason, that the hackers will find even more Windows vulnerabilities.

/Microsoft Windows and Swiss cheese, what’s the difference?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: