For the uninitiated, so-called "Patch Tuesday" -- the second Tuesday of each month -- usually brings a new round of Windows system updates from Microsoft, and yesterday was no exception. According to the Microsoft Security Bulletin Summary for March 2011, Microsoft has released two important updates (MS11-016 and MS11-07, which deal with vulnerabilties in Microsoft Groove and the Windows Remote Desktop Client, respectively) and one critical one: MS11-015, an alert entitled "Vulnerabilities in Windows Media Could Allow Remote Code Execution."
The latter update addresses vulnerabilities in DirectShow, Windows Media player, and Windows Media Center. According to Microsoft, this vulnerability could "allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so."
Microsoft encourages system administrators and IT security professionals to deploy the updates. Check out a bulletin overview podcast by Microsoft's Jerry Bryant (link to mp3), or visit the MSRC blog or MSRC Twitter account (@MSFTSecResponse) for more details and additional Microsoft security news and updates. It's also a good idea to peruse the services available in the Microsoft Technical Security Notifications website, which provides IT pros a number of ways to automatically receive Microsoft security notifications.Did you find anything unexpected in yesterday's Patch Tuesday update? Share your thoughts by adding a comment to this blog post or continuing the discussion on Twitter.