March 2011 - Microsoft Releases 3 Advisories
Publish Date: 20 février 2013
Gravité: : Élevé
Date du conseil: 08 mars 2011
Description
Microsoft addresses the following vulnerabilities in its March batch of patches:
- (MS11-015) Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
Risk Rating: Critical
This security update addresses a vulnerability in DirectShow and a vulnerability in Windows Media Player and Windows Media Center. An attacker could execute arbitrary code if a user opens a specially crafted Microsoft Digital Video Recording (.DVR-MS) file. Read more here. - (MS11-016) Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Groove, which could allow remote attackers to execute code on the vulnerable system. The attack works if a user opens a legitimate Groove-related file that is located in the same network directory as a specially crafted library file. Read more here. - (MS11-017) Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
Risk Rating: Important
This security update addresses a vulnerability in Windows Remote Desktop Client, which could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.RDP) file. Read more here.
Information Exposure Rating:
Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
Microsoft Bulletin ID | Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version |
---|---|---|---|---|
MS11-015 |
CVE-2011-0032 |
1004373 - Identified Microsoft DLL File Over Network Share |
|
August 25, 2010 |
1004566 - Identified Suspicious Microsoft DLL File Over Network Share | 11-009 | March 9, 2011 | ||
MS11-016 |
CVE-2010-3146 |
1004373 - Identified Microsoft DLL File Over Network Share | 10-028 | August 25, 2010 |
1004566 - Identified Suspicious Microsoft DLL File Over Network Share | 11-009 | March 9, 2011 | ||
MS11-017 |
CVE-2011-0029 |
1004373 - Identified Microsoft DLL File Over Network Share | 10-028 | August 25, 2010 |