Feeds

MS Media Player gives up your box

Don't worry, they fixed it before you were rooted

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

If there's one thing that occasionally tempts me to miss Windows, it's the mediocre multimedia support in Linux. But then again, my media player doesn't allow remote attackers to own my box. It's a trade-off, I'll allow.

Yesterday MS 'fessed up to three new holes in WMP, the most serious of which allows remote evildoers to run arbitrary code on your priceless Windoze machine.

However, and we'll quote Redmond directly, the remaining two are hardly benign. We have:

"A privilege-elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system."

And "a script-execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed Web page. This particular vulnerability has specific timing requirements that makes attempts to exploit vulnerability difficult and is rated as low severity."

"Specific timing requirements" in this case means that unless you do precisely what you're told by your pal in MSM, you won't get nailed. You have to play a file, close WMP and then hit a malicious Web site. Naturally, you'd never do that.

There's a cumulative patch posted here, with additional details.

Secure remote control for conventional and virtual desktops

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?