For the uninitiated, so-called "Patch Tuesday" -- the second Tuesday of each month -- usually brings a new round of Windows system updates from Microsoft, and yesterday was no exception. According to the Microsoft Security Bulletin Summary for March 2011, Microsoft has released two important updates (MS11-016 and MS11-07, which deal with vulnerabilties in Microsoft Groove and the Windows Remote Desktop Client, respectively) and one critical one: MS11-015, an alert entitled "Vulnerabilities in Windows Media Could Allow Remote Code Execution."
- Related: Cloud Connections Conference [event]
The latter update addresses vulnerabilities in DirectShow, Windows Media player, and Windows Media Center. According to Microsoft, this vulnerability could "allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so."
Microsoft encourages system administrators and IT security professionals to deploy the updates. Check out a bulletin overview podcast by Microsoft's Jerry Bryant (link to mp3), or visit the MSRC blog or MSRC Twitter account (@MSFTSecResponse) for more details and additional Microsoft security news and updates. It's also a good idea to peruse the services available in the Microsoft Technical Security Notifications website, which provides IT pros a number of ways to automatically receive Microsoft security notifications.Did you find anything unexpected in yesterday's Patch Tuesday update? Share your thoughts by adding a comment to this blog post or continuing the discussion on Twitter.