Feeds

MS Media Player gives up your box

Don't worry, they fixed it before you were rooted

  • alert
  • submit to reddit

Intelligent flash storage arrays

If there's one thing that occasionally tempts me to miss Windows, it's the mediocre multimedia support in Linux. But then again, my media player doesn't allow remote attackers to own my box. It's a trade-off, I'll allow.

Yesterday MS 'fessed up to three new holes in WMP, the most serious of which allows remote evildoers to run arbitrary code on your priceless Windoze machine.

However, and we'll quote Redmond directly, the remaining two are hardly benign. We have:

"A privilege-elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system."

And "a script-execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed Web page. This particular vulnerability has specific timing requirements that makes attempts to exploit vulnerability difficult and is rated as low severity."

"Specific timing requirements" in this case means that unless you do precisely what you're told by your pal in MSM, you won't get nailed. You have to play a file, close WMP and then hit a malicious Web site. Naturally, you'd never do that.

There's a cumulative patch posted here, with additional details.

Choosing a cloud hosting partner with confidence

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.