News

Critical Update Released for Windows Media Player

Microsoft alerted users Tuesday to a critical vulnerability in its Windows Media Player that could allow attackers to run the code of their choice on users' machines. A patch is available.

The problem affects Windows Media Player 6.4, a two-year-old version of the software. However, Microsoft notes that version 7.0 and the more recent 7.1 may be vulnerable due to backward compatibility efforts, and the company recommends that IT administrators patch 7.x-generation Windows Media Players as well.

Although the vulnerability could affect users of Windows XP, Microsoft says the issue is addressed by the Windows XP Critical Update that Redmond posted the day of the Windows XP launch (Oct. 25).

The vulnerability stems from an unchecked buffer in the code that processes Advanced Streaming Format (ASF).

An attacker would have to create a specially malformed ASF file and induce a user to play it. In some cases, the buffer overrun will merely cause Windows Media Player to crash. In other cases, the attacker could cause code to be executed on the machine with the user's privileges.

A mitigating factor is that the attacker must correctly guess the specific operating system the user is running for the attack to successfully execute any code on a user's machine.

The patch, the 56th this year, follows a recent and welcome trend out of Redmond in that it eliminates all known vulnerabilities affecting Windows Media Player 6.4.

Under Microsoft's new rating system, the risk is rated as critical over the Internet, intranet and for client systems.

The security bulletin about the vulnerability and link to the patch can be found at http://www.microsoft.com/technet/security/bulletin/ms01-056.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • How To Enable Guest Access for Office 365

    While it's possible to give outside users access to certain content in your organization's Office 365 environment, the process of setting them up requires a few extra steps.

  • Microsoft Now Supports OpenSSH in Windows Server 2019

    Microsoft announced on Tuesday that the OpenSSH solution used for remote management is now a supported "Features on Demand" addition in both Windows 10 version 1809 and Windows Server 2019.

  • Microsoft's December Security Patches Includes Fixes for Two Active Exploits

    Microsoft ended the patch year on Tuesday with a whimper of sorts, releasing an estimated 39 security fixes in its December bundle plus one security advisory, according to a count by Trend Micro's Zero Day Initiative.

  • Microsoft Edge Browser To Get New Rendering Engine but EdgeHTML Continues

    Microsoft isn't exactly killing off its EdgeHTML rendering engine, even after declaring plans to use Chromium open source technologies in its Edge browser.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.