Security 10816 Published by

Microsoft updated the following security bulletins:

- MS11-017 - Important: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) - Version:1.2
- MS11-015 - Critical: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) - Version:1.1



MS11-017 - Important: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) - Version:1.2
Severity Rating: Important - Revision Note: V1.2 (March 9, 2011): Corrected the Non-Affected Software component entries for the service pack 1 versions of Windows 7 and Windows Server 2008 R2 from Remote Desktop Connection 7.0 Client to Remote Desktop Connection 7.1 Client. These are informational changes only. There were no changes to the security update files or detection logic.

Summary: This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Read more

MS11-015 - Critical: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (March 9, 2011): Corrected the Systems Management Server table entries for SMS 2.0 and SMS 2003 with SUIT for Windows XP Service Pack 3. These are informational changes only. There were no changes to the security update files or detection logic.

Summary: This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
Read more