 | By Susan Bradley March’s Patch Tuesday proved light on fixing vulnerabilities. That could be either good news or bad. It does give us time to review past patches that gave some of us headaches — and others that need further testing. You’ll find a new summary chart at the bottom of this column. |
MS11-015 (2510030, 2479943, 2502898)
Media player needs critical update
There’s only one patch I urge you to install soon: MS11-015, an update for DirectShow/Windows Media Player that fixes library-file vulnerabilities. Eight months ago, Microsoft released security advisory KB2269637, which revealed potentially dangerous DLL-preloading vulnerabilities. (Users could be tricked into opening malicious folders, websites, and media files that would then infect their machines.) Months later, we’re still patching .dll problems.
This is a critical fix for XP, Vista, and Windows 7 systems.
It also affects the Windows Media Center TV Pack for Windows Vista (a special OEM version released as an optional component). If you see two updates, install both; Microsoft recommends installing KB 2479943 before KB 2494132.
► What to do: Put MS11-015 (KB 2510030, KB 2479943, and KB 2502898) on your installation fast track.
MS11-016 (2494047), MS11-017 (2508062)
Low-priority DLL-preloading problems to fix
The patch in MS11-016 (KB 2494047) is rated important and affects only systems with Microsoft Groove 2007 Service Pack 2 installed. (Groove is an Office collaborative workspace tool.) That, and the fact that I give Windows Secrets readers more credit than to blindly open Groove files, make this is a relatively low-priority patch.
Related posts:
