News

Critical Flaw Found in Windows Media Player

Officially, your users shouldn't be downloading Windows Media Player skins at work. Realistically, some of them probably are, and it's worthwhile to pay attention to a critical new security vulnerability patched by Microsoft Wednesday night.

The bulletin, Microsoft's 17th of 2003, fixes a flaw that could allow an attacker to run arbitrary code on computers running Windows Media Player 7.1 or Windows Media Player for Windows XP (version 8.0). Windows Media Player 9 Series isn't affected by the issue. Other versions aren't supported and weren't tested.

"Skins" are custom overlays that change the appearance of Windows Media Player. While the product ships with some skins already, it also allows third parties to create and distribute their own, and that's where the flaw comes in.

"A flaw exists in the way Windows Media Player 7.1 and Windows Media Player for Windows XP handle the download of skin files. The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user’s machine. This could allow an attacker to place a malicious executable on the system," the Microsoft bulletin notes.

Microsoft Security Bulletin MS03-017 is available at www.microsoft.com/technet/security/bulletin/MS03-017.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.