
Microsoft addresses four flaws in March Patch Tuesday

by Shaun Nichols

09 Mar 2011

Microsoft has issued three bulletins to address four vulnerabilities in its latest monthly security release.

The March edition of the Patch Tuesday update includes two bulletins for issues rated 'important' and a third for flaws considered 'critical'.

The 'critical' patch addresses flaws in the Microsoft Windows Media platform. If exploited, the vulnerability could allow an attacker to use a specially crafted .dvr file to trigger a crash and remotely execute code on a targeted system.

Microsoft said that the attack cannot be automatically triggered, meaning that an attacker would need to use social engineering to trick a target into launching the malicious file.

Microsoft still lists the vulnerability as a top patching priority for Windows XP, Vista and Windows 7 systems.

The patch is considered an 'important' update for Windows Server 2008 R2 x64. Other versions of Windows Server are not believed to be vulnerable.

The remaining two patches address DLL preloading issues in Microsoft Office and Windows Remote Desktop Connection, which could allow remote code execution. Both have been classified as 'important'.

However, there is one omission from the March update that has raised eyebrows among security experts.

Dave Marcus, director of security research and communications at McAfee Labs, noted that a recently disclosed flaw in Internet Explorer's MHTML component remains unpatched.

"We haven't seen evidence that the impact of the MHTML vulnerability is any more significant than the other zero-day code execution vulnerabilities we've seen recently," Marcus said.

"This month's Patch Tuesday does not address this Internet Explorer zero-day, which could allow hackers to take advantage of this vulnerability."
