March 2011 Microsoft Updates

by PCSentry on 03/31/2011

  • MS11-015Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
  • MS11-016Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
  • MS11-017Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)

More Information:

MS11-015
Severity Rating: Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)

Description:

This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so. This security update is rated Critical for affected editions of Windows XP (including Windows XP Media Center Edition 2005); all supported editions of Windows Vista and Windows 7; and Windows Media Center TV Pack for Windows Vista. This security update is also rated Important for all supported editions of Windows Server 2008 R2 for x64-based systems.

Included Updates:

  • Security Update for Windows XP Media Center Edition 2005 Update Rollup 2 X86 Edition (KB2502898)
  • Security Update for Windows Vista Media Center TVPack 2008 for x64-based Systems (KB2494132)
  • Security Update for Windows Vista Media Center TVPack 2008 (KB2494132)
  • Security Update for Windows XP x64 Edition (KB2479943)
  • Security Update for Windows XP (KB2479943)
  • Security Update for Windows Vista for x64-based Systems (KB2479943)
  • Security Update for Windows Vista (KB2479943)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2479943)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2479943)
  • Security Update for Windows Embedded Standard 7 (KB2479943)
  • Security Update for Windows 7 for x64-based Systems (KB2479943)
  • Security Update for Windows 7 (KB2479943)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-015.mspx
MS11-016
Severity Rating: Important
Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)

Description:

This security update resolves a publicly disclosed vulnerability in Microsoft Groove that could allow remote code execution if a user opens a legitimate Groove-related file that is located in the same network directory as a specially crafted library file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Microsoft Groove 2007 Service Pack 2.

Included Updates:

  • Security Update for Groove 2007 (KB2494047)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-016.mspx
MS11-017
Severity Rating: Important
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)

Description:

This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. This security update is rated Important for Remote Desktop Connection 5.2 Client, Remote Desktop Connection 6.0 Client, Remote Desktop Connection 6.1 Client, and Remote Desktop Connection 7.0 Client.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB2481109)
  • Security Update for Windows XP (KB2483618)
  • Security Update for Windows XP (KB2483614)
  • Security Update for Windows Server 2003 (KB2483619)
  • Security Update for Windows XP (KB2481109)
  • Security Update for Windows Server 2003 x64 Edition (KB2481109)
  • Security Update for Windows Server 2003 (KB2481109)
  • Security Update for Windows Server 2008 (KB2481109)
  • Security Update for Windows Server 2008 x64 Edition (KB2481109)
  • Security Update for Windows Vista (KB2481109)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB2481109)
  • Security Update for Windows Vista for x64-based Systems (KB2481109)
  • Security Update for Windows Vista for x64-based Systems (KB2483614)
  • Security Update for Windows Vista (KB2483614)
  • Security Update for Windows Server 2008 R2 x64 Edition (KB2483614)
  • Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2483614)
  • Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2483614)
  • Security Update for Windows Embedded Standard 7 (KB2483614)
  • Security Update for Windows 7 for x64-based Systems (KB2483614)
  • Security Update for Windows 7 (KB2483614)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx