Critical Bug In Legacy Windows Media Players

Proof-of-concept code that exploits a critical bug in Windows Media Player has gone public, Microsoft Corp. warned users late Thursday.

A vulnerability in Media Player 9 and 10 can be used by attackers to grab control of a PC, security researchers warned. A malicious .asx-formatted playlist, if opened by an unsuspecting user, could completely compromise the machine.

"We're aware of proof-of-concept code published publicly affecting Windows Media ASX file format [and] we are currently investigating," wrote Alexandra Huft, a security program manager with the Microsoft Security Response Center, on the team's blog. "We are not currently aware of attempts to exploit this vulnerability," she added.

Because .asx playlists open automatically within a browser, hackers would only need to coax users to a malicious Web site to snatch their systems. Microsoft has offered no workarounds or other tactical advice.

View: TechWeb Story


36 Comments


You know what...after all this I went and downloaded the latest WMP11. It's going to take some getting used to but it's time I sucked up my dislike of WMP11 and got with the future. It's playing now as we speak.
And you know? The interface is actually decent. The only thing that really bugged me was the way the Library is laid out, but with the Details view it's actually similar to WMP10, which is all I really cared about.

I don't plan to buy a Zune; Archos makes much better products.
I don't plan on using WMP's music stores; I prefer iTunes (and other sources).
I may as well just get used to WMP11. It's here to stay.

Once I got used to the new layout I found that it was significantly better to use than WMP10 and below. It just took a little time to familiarise myself.

The DRM crap is the only reason I won't upgrade to WMP11, so I will stick to Winamp/WMP10, ty. The interface in 11 is good just like WMP10, 9 is not as good.

after reading:

"We are not currently aware of attempts to exploit this vulnerability," she added.

Did anyone else ask themselves, "If no one knew about it or has been trying to exploit it, then why tell people about it BEFORE you fix it? Just fix it, THEN tell people about it. Don't give hackers any heads-up on the subject."

sheesh

The details were likely already released on a security forum. Script kiddies are more likely to read such forums than MS press releases imo.

Quote - spacer said @ #7
after reading:

"We are not currently aware of attempts to exploit this vulnerability," she added.

Did anyone else ask themselves, "If no one knew about it or has been trying to exploit it, then why tell people about it BEFORE you fix it? Just fix it, THEN tell people about it. Don't give hackers any heads-up on the subject."

sheesh

MS WANTS people to upgrade to WMP11, for the DRM and commercial ties.

Quote - hvy said @ #7.2

MS WANTS people to upgrade to WMP11, for the DRM and commercial ties.


Can you give me an example of where WMP11 enforces DRM more so than, say, WMP10?

Quote - Danrarbc641 said @ #7.3

Can you give me an example of where WMP11 enforces DRM more so than, say, WMP10?

Actually, WMP 11 has "online store" features that only work with the Zune player, so Microshcloft wants to scare everyone into getting WMP 11 because they think it will lead to more Zune sales.

Quote - Croquant said @ #7.4

Actually, WMP 11 has "online store" features that only work with the Zune player, so Microshcloft wants to scare everyone into getting WMP 11 because they think it will lead to more Zune sales.

Wrong wrong wrong. Zune has its own software. It has no tie-ins with WMP 11 at all (which is actually a common gripe among WMP 11 users).

They don't mention privilege escalation, so unless someone uses it for a ransomware payload my beloved work PCs are safe, I guess... still, I might now do a proper study on whether we can upgrade to WMP11 -- I'm sure the users want to anyway

<typical mac user troll post>Another day, another M$ security hole. Why do people bother with this crap - I use a Mac, which not only means my computer is safe from all security threats, but it makes me better than the rest of you unwashed plebs.</typical mac user troll post>

Quote - AMDMEFX-55 said @ #5.4
He is just mad cause only a handful of people use Macs. Anyway, why do ppl hate on WMP11? I like it much better than WMP10.

Me too, I don't get the WMP11 hating. It's actually a lot better once you get used to the change.

Quote - MajinDark said @ #2.1
That's a lame excuse. Use a skin if you don't like the default interface.

okay so wmp10 skin exist for wmp11?

if no then wmp10 for life

Quote - MajinDark said @ #2.1
That's a lame excuse. Use a skin if you don't like the default interface.

That doesn't fix it, because when it's embedded in a website, it still looks like crap.

Also, there's a whopping what, 50 skins to choose from? Yay. Winamp > WMP.

Quote - noroom said @ #2.3

That doesn't fix it, because when it's embedded in a website, it still looks like crap.

But it doesn't, when it's embedded in a website it looks just like the other version of media player but with different colours!

Quote - mcloum said @ #2.4

But it doesn't, when it's embedded in a website it looks just like the other version of media player but with different colours!


Um, and the buttons look different. And they're in different positions. Which means, it looks different. Like crap.

Quote - noroom said @ #2.5

Um, and the buttons look different. And they're in different positions. Which means, it looks different. Like crap.

IMHO, WMP 11 is so much better. I don't understand how you can hate it so much.