Microsoft has released March’s Patch Tuesday updates which comprise of 3 patches, one critical and two important, that fix four vulnerabilities.
MS11-015 – Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
The only critical vulnerability belongs to Windows Media, specifically DirectShow, Windows Media Player and Windows Media Center which could allow remote code execution if a specific malicious Microsoft Digital Video Recording (.dvr-ms) file is opened. Microsoft warns that in all cases, the file will not open automatically and users cannot be forced to open it, for an attack to be successful, a user must be convinced to do so.
MS11-017 – Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
The second patch, labelled important, resolves a publicly disclosed vulnerability in Windows Remote Desktop Client which could again allow remote code execution if a particular file is opened. The file, a legitimate Remote Desktop configuration (.rdp) file, is found located in the same network folder as a specially crafted library file. Microsoft say that “for an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.”
MS11-016 – Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
The final important patch addresses a vulnerability in Microsoft Groove that could allow for remote code execution if a legitimate Groove-related file that is located in the same network directory as a specially crafted library file is opened. Microsoft add that “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
For detailed information of all the bulletins and the corresponding vulnerabilities addressed, please visit,
We will recommend users to set Windows Update in Install updates automatically mode. So the important patches get applied automatically.