Microsoft Rolls Out Light Security Update for March

Microsoft's March security update arrived today, just as forecast, with one "critical" item and two "important" fixes for IT pros to consider.

The update is designed to plug four vulnerabilities in total. All of the security bulletins in this month's update address remote code execution exploits, which is the most common risk associated with Windows systems and applications.

In months like this one with thin patch counts, the chatter among security mavens tends to be more about what Microsoft didn't include than what was patched. One item of note in that regard is a critical MHTML flaw in Windows/Internet Explorer. Microsoft released a workaround for the flaw in security advisory 2501696 that was announced in late January. However, after over a month's time, Microsoft apparently doesn't see the flaw as sufficiently alarming to issue a patch just yet.

"Truthfully, it's disturbing that a known critical vulnerability has been left unpatched for such an extended period of time," said Chris Greamo, vice president of research for Invincea Labs.

Greamo added that despite the lack of perceived threats around the unpatched issue, the fact that it hasn't been patched after such time only furthers the idea that the IT security industry is caught in a cycle that is "reactive instead of proactive, one that relies on the bad guys to call attention to holes and vulnerabilities that exist in software we use on a daily basis."

One of Invincea Labs' blog posts recently referred to this patch lag as a "security insanity cycle," criticizing Microsoft and other software vendors for maintaining it.

Critical and Important Items
The first and only critical item is a patch for DirectShow Windows Media Player and Windows Media Center. It covers Windows XP, Windows Vista, Windows 7 and Windows Server 2008.

Both of the important items address flaws in Microsoft's dynamic-link library (DLL) system. Exploiting the flaws might require some work on the part of a hacker, according to Joshua Talbot, security intelligence manager at Symantec Security Response.

"As for the DLL issues, Microsoft has been working to address these for some time now," Talbot said. "These are fairly easy to exploit, but because an attack would require a user to take some fairly uncommon steps -- such as opening up malicious files from SMB or WebDAV servers -- they're less likely to pose a serious threat."

The first important bulletin touches every supported Windows operating system. This patch, according to Microsoft, resolves a publicly disclosed vulnerability in Windows Remote Desktop Client.

The second important patch is a rare direct-to-application patch affecting Microsoft Groove 2007. Groove, which has now been integrated as SharePoint Workspace, is an application for project management and workflow collaboration. Microsoft indicated that a specially crafted library file would have to be present for an attack to be successful. Additionally, Microsoft said that the risk of an exploit is reduced if users have their Groove accounts configured with fewer user rights.

Andrew Storms, director of security at nCircle, said that the lull in high-profile patch news for this month is actually a good thing right now. However, a barrage of unresolved issues lurks around the corner.

"April will probably bring a shower of patches as part of Microsoft's seasonal high-low months," Storms said. "Plus CanSec West's Pwn2own hacking contest is also scheduled for later this week and that traditionally unearths some interesting Internet Explorer and Windows 7 phone security bugs."

Meanwhile all three fixes in the March security update may require a restart. Nonsecurity releases for Windows Server Update Services, Microsoft Update and Windows Update can be found in this Knowledge Base article.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Tamper Protection Now Available to Microsoft Defender ATP Subscribers

    The Microsoft Defender Advanced Threat Protection (ATP) E5 subscription plan now has an optional "tamper protection" security feature, Microsoft announced on Monday.

  • Exploring OCR, a New Way To Get Data into Excel

    Microsoft recently added a new optical character recognition feature to Excel that lets users import data from a photograph taken from a smartphone. Here's how to use it.

  • Microsoft Authenticator App To Get Real-Time Phishing Protections

    Microsoft is working on adding capabilities to its Microsoft Authenticator app to help defeat security breaches enabled by advanced attack techniques, including phishing and man-in-the-middle methods.

  • A Quicker Way To Create Hyper-V Inventory Reports

    If you need to generate Hyper-V inventory reports but don't want the hassle of writing your own custom PowerShell script, here is a shortcut.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.