Today is Patch Tuesday for the month of March and Microsoft is rolling out five security patches – two of which are rated Critical and three of which are rated Important. These updates address memory corruption vulnerabilities along with a zero-day vulnerability in Internet Explorer.
One of the Critical updates deals with memory corruption vulnerabilities affecting all versions of Internet Explorer, from version 6 to 11. The second Critical update addresses a vulnerability in Microsoft DirectShow, which could allow a specially crafted JPEG image to remotely execute arbitrary code. This Critical update affects Windows XP, Vista, 7, 8, 8.1, RT, Windows Server 2003, 2008, and 2012.
One of the Important security updates deals with a vulnerability in Silverlight that could allow the memory protections Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to be bypassed. The Important updates also address vulnerabilities in the Windows kernel-mode driver that could allow elevation of privilege, and a vulnerability in Microsoft Remote Protocol that could allow an attacker to cause Windows to incorrectly validate user lockout states.
Windows XP is also included in today's Patch Tuesday, but as support ends April 8th, this could very well be the last update we will ever see. Head over to Windows Update to snag these security updates.