Microsoft has issued three bulletins to address four vulnerabilities in its latest monthly security release.
The March edition of the Patch Tuesday update includes two bulletins for issues rated 'important' and a third for flaws considered 'critical'.
The 'critical' patch addresses flaws in the Microsoft Windows Media platform. If exploited, the vulnerability could allow an attacker to use a specially crafted .dvr file to trigger a crash and remotely execute code on a targeted system.
Microsoft said that the attack cannot be automatically triggered, meaning that an attacker would need to use social engineering to trick a target into launching the malicious file.
Microsoft still lists the vulnerability as a top patching priority for Windows XP, Vista and Windows 7 systems.
The patch is considered an 'important' update for Windows Server 2008 R2 x64. Other versions of Windows Server are not believed to be vulnerable.
The remaining two patches address DLL preloading issues in Microsoft Office and Windows Remote desktop Connection which could allow remote code execution. Both have been classified as 'important'.
However, there is one omission from the March update that has raised eyebrows among security experts.
Dave Marcus, director of security research and communications at McAfee Labs, noted that a recently disclosed flaw in Internet Explorer's MHTML component remains unpatched.
"We haven't seen evidence that the impact of the MHTML vulnerability is any more significant than the other zero-day code execution vulnerabilities we've seen recently," Marcus said.
"This month's Patch Tuesday does not address this Internet Explorer zero-day, which could allow hackers to take advantage of this vulnerability."
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display