March 2011 Patch Tuesday Overview

Microsoft has released three new security bulletins that address four vulnerabilities in the March 2011 version of Patch Tuesday.  You may be asking why there are such a small number of bulletins being released this month.  The low number of bulletins being released was expected as this is typically a light security bulletin release month for Microsoft.

Three of the bulletins address a vulnerability that has been discussed quite often in the past several months.  Back in August 2010, Microsoft released Security Advisory 2269637.  This advisory addressed an issue with DLL preloading attacks that could result in remote code execution.  Microsoft has found three new areas in their products that are affected by this vulnerability.

MS11-015
- This patch affects Windows Media Player and Windows Media Center.  Opening a malicious .dvr-ms file on a network share that contains a malicious DLL could result in remote code execution. 

MS11-016
- This patch affects Office Groove.  Opening a malicious .vcg or .gta file on a network share that contains a malicious DLL could result in remote code execution.

MS11-017
- This patch affects the Windows Remote Desktop Protocol on the Windows operating system.  Opening a malicious .rdp file on a network share that contains a malicious DLL could result in remote code execution.  RDP file extensions could be common for administrators that have many servers they remotely connect to throughout the day.  Saving a RDP file with the server information is very useful for administrators managing a network.

MS11-015 also contains a fix for a critical vulnerability that affects Windows Media Player.  An attacker could host a malicious media file on a website.  If a user views the malicious website and media file with a browser, the attacker could gain remote code execution.  With this type of attack vector, this patch should be tested and deployed as soon as possible.

On the non-Microsoft front, Google released a new browser today with Google Chrome 10.0.648.127.  This update contains numerous security fixes.  It is very interesting to see the number of releases for the Google Chrome browser in the first quarter of 2011.  Today's release marks the 4th browser release in the past month.  Three of the updates contained multiple critical security updates.  The number of security releases and their frequency is showing a trend of Google addressing vulnerabilities at an extreme rate.  This is important as Patch Tuesday is not the only day you should be looking to update your software.

Google Chrome 8.0.552.237
- Released: 1/12/2011
- Contained:  Security Vulnerability Fixes

Google Chrome 9.0.597.84
- Released: 2/3/2011
- Contained:  Security Vulnerability Fixes

Google Chrome 9.0.597.84
- Released:  2/8/2011
- Contained:  Security Vulnerability Fixes

Google Chrome 9.0.597.98
- Released:  2/10/2011
- Contained:  Non-security Fixes

Google Chrome 9.0.597.107
- Released:  2/28/2011
- Contained:  Security Vulnerability Fixes

With the 'light' patch month from Microsoft, this presents a perfect opportunity for administrators to catch up on the numerous non-Microsoft security bulletins released in the last month.  A few of these are extremely critical:

Foxit Reader 4.3.1.218
- Released:  2/24/2011

Mozilla Firefox 3.6.14, 3.5.17
Mozilla Thunderbrid 3.1.8
Mozilla SeaMonkey 2.0.12
- Released:  3/1/2011

Apple iTunes 10.2
- Released:  3/2/2011

Google Chrome 10.0.648.127
- Released:  3/8/2011

Happy patching!

- Jason Miller