ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Online business Toolkit

Microsoft stomps on Media Player bug

Lisa M Bowman CNet

Published: 28 Jun 2002 08:54 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft is warning people that a series of flaws in its Windows Media Player could allow a malicious hacker to hijack people's computer systems and perform a variety of actions.

The flaws, found in some anti-piracy and storage features of the software, affect Media Player for Windows XP and Media Player versions 6.4 and 7.1, according to a security bulletin on Microsoft's Web site.

The company rates the problems as "critical" -- Microsoft's most severe rating -- and urges people to "immediately" download a patch, which was released on Wednesday. The company said the patch would also fix previous problems with the software.

The patch is available here from ZDNet UK downloads.

In the most severe exploit of a flaw, a hacker could take over a computer system and perform any task the computer's owner is allowed to do, such as opening files or accessing certain parts of a network.

The flaw that's rated "critical" mishandles Windows Media Player's requests for media files containing "digital rights management" software, potentially allowing attackers access to Internet Explorer's cache, the place where temporary IE files are stored. The other flaws result from how the media player software responds to storage devices and the way it stores play lists.

To fall victim to an attack of the most severe kind, a person would have to obtain a media file, through email or by downloading it, for example. An attacker would then have to introduce an executable file into the person's browser cache and run it to gain access to the computer.

"It's not a straightforward, push-one-button-and-bad-things-happen type of thing. But there's a possibility a hacker could run code, and that's why we're rating it as critical," said Christopher Budd, a Microsoft security program manager.

Security holes have been a constant problem in Microsoft products, leading Chairman Bill Gates in January to promise to make security the company's top priority.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
38 out of 80 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business


Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

Futures and Options Business Analyst Required!!!

You will be required to gather requirements, document them in a viable manner, perform UAT and lead the project throughout the entire project life ...

Websphere IT Specialist / Architect

Trouble shoot and fix technical problems, liaising with product management and technical support to organise a patch if necessary. Perform and lead ...

C++ Developer who is a good team player - Warwick

C++ and Linux is what this company nees and a good team player! A small company based in Warwick are searching for a Software Developer with skill ...

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Talkback

I wonder, who needs .asia domain? I cannot imagine, what would be useful for Microsoft.asia? Toyota.asia? Then let's register .europe (if .eu is too short). Or perhaps Microsoft.southamerica, Dell.australiaandnewzealand, Coca-Cola.africa... Sound funny? Then why not just use the global and country domains? Or perhaps it is time to drop the domains at all?

By: LadyRoot

Read full story:
Businesses advised to register .asia domains