BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

Microsoft's February security bulletins

Tags:
Security,
Bulletin,
Patch,
Flaw

John McCormick Tech Republic

Published: 21 Feb 2006 14:30 GMT

...alternate "skins" for their media players. This is a newly disclosed threat, and no exploits have appeared in the wild.

Applicability

Windows Media Player 7.1 on Windows 2000 SP4
Windows Media Player for XP on Windows XP SP1
Windows Media Player 9 on Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003
Windows Media Player 10 on Windows XP S1 or Windows XP S2

Risk level
This is a critical threat for Windows Media Player 9 and Windows Media Player 10. Microsoft has rated it critical because a successful exploit would permit a remote attacker to take complete control of a vulnerable system — not because it's easy to exploit or likely to be a major attack vector. This is an important threat for Windows Media Player 7.1 and Windows Media Player for XP.

Mitigating factors
This threat requires a considerable amount of social engineering to get users to download the dangerous code, as Windows Media Player is typically not an application that deals with .bmp files.

Fix
Install the update. Microsoft has tested multiple workarounds for this attack vector, but they involve editing the registry. It's probably easier to just install the patch, especially since the workarounds cause multiple functionality restrictions in many DirectX applications.

MS06-006
Microsoft Security Bulletin MS06-006, Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution, addresses a Windows Media Player plug-in vulnerability (CVE-2006-0005), which is due to another unchecked buffer. This is a newly disclosed threat, and no exploits have appeared in the wild.

Applicability

Windows 2000 SP4
Windows XP SP1
Windows XP SP2
Windows XP x64 Edition
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 x64 Edition

Risk level
While this is a remote code execution threat, Microsoft has rated it important for all affected systems.

Mitigating factors
This threat doesn't affect IE users — only users of alternative Web browsers. In addition, a potential attacker would have to convince users to visit a malicious Web site or open a suspicious email.

Fix
Install the update. While there is a Microsoft-approved workaround available, using...

1 2 3 4

Did you find this article useful?
210 out of 489 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Microsoft
Flaw
bulletin

February
Patch
Security

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner