Microsoft released a single security bulletin for Windows. The patch package is designed to offer an alternative to admins that need to manage IT environments without the aid of Windows Server Update Services (WSUS) or an automated solution for patch delivery and installation. The March 2010 Security Release ISO Image contains just multiple language versions of MS10-016, a security update that was offered to Windows users.
“The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft explained. “This security update is rated Important for Windows Movie Maker 2.1, Windows Movie Maker 2.6, Windows Movie Maker 6.0, and Microsoft Producer 2003.”
In its default configuration, Windows 7 is not affected by the vulnerability, since the operating system no longer comes with Windows Movie Maker as a component. In addition, the Redmond company emphasized that Windows Live Movie Maker, the Windows Live Essentials equivalent of the plain vanilla Movie Maker, did not contain the vulnerability.
“The security update addresses the vulnerability by changing the way that Windows Movie Maker parses project files. There is no security update available for Microsoft Producer 2003 at this time. Customers can mitigate the impact to systems with Microsoft Producer 2003 by applying the automated solution to remove the Microsoft Producer file associations using the Fix it found in Microsoft Knowledge Base Article 975561,” the company added.