Microsoft Issues 3 Security Updates, Including 1 Critical

Software giant Microsoft released three security updates on 'Patch Tuesday' that fix flaws in Windows and Office.

The company failed though to add further patches its Internet Explorer browser ahead of the Pwn2Own hacking contest which begins today.

One of the three updates was deemed 'Critical' by the company, its highest security rating while the remaining two were categorised as important.

The critical MS11-015 update will patch two security vulnerabilities found in Windows Media Center and Windows Media Player that are present in almost every Windows offering. The flaw, which could result in a drive-by attack, affects the Digital Video Recording (DVR-MS) files that are generated by the Stream Buffer Engine (SBE).

Andrew Storms, director of security operations at nCircle Security told Computer World, “There are two exploit methods, the first in an IFRAME, which would be a typical drive-by. The other is as an e-mail attachment, which it appears that users would have to actually open, not just preview [in their e-mail client].”

The other two 'Important' rated security updates address a pair of DLL load hijacking flaws that were discovered in Microsoft Groove 2007 Service Pack 2 used in Office and Windows Remote Client Desktop. The vulnerabilities in both the components could allow remote code execution.