Microsoft's March Patch Tuesday again came in on the lighter side, continuing the 2014 trend of smaller Patch Tuesdays. We only see 2 issues that are rated critical with remote code execution: one is the usual IE update (MS14-012), the other is an issue in the DirectShow libraries (MS14-013) which affects most versions of Windows from XP up to 8.1/2012 R2. These two are where we should focus our patching efforts.

 

Of the 18 CVEs addressed in MS14-012, one (CVE-2014-0322) is known to be used in limited, targeted attacks on IE 10 and was the subject of a Microsoft security advisory (2934088) just after February's Patch Tuesday. A second CVE in MS14-012 (CVE-2014-0324) has also been seen in very limited exploitation attempts on IE 8; this exploit is not considered to be “in the wild”.

 

The issue fixed in Silverlight (MS14-014) is an ASLR bypass; that is to say, it could be used in conjunction with another exploit to evade mitigation techniques.

 

The SAMR issue (MS14-016) is of relatively low risk: only if used in conjunction with an unknown or unspecified issue that would reset the login attempt count could it enable brute forcing of a password. While a serious problem, the exploitability depends on an unknown vector becoming available to the attacker.