Posted by aco on 01 November 2002 - 06:37 · no comments & 368 views
Microsoft has released Windows Media Player 9 RC1 for 98SE/Me/2000 and for Windows XP as separate packages. The changes in the first release candidate are as follows:
  • Media Link: Use Media Link to email shortcuts to highlights from streamed news, presentations, home movies and more
  • HighMAT CD Burning: A new option for CD burning, HighMAT makes it easy to save personal digital music and video created on your PC to recordable discs that work seamlessly with next-generation consumer electronics devices
  • Synchronized Lyrics support: View or add your own synchronized lyrics to music files. Displayed as captions, synchronized lyrics are displayed in Now Playing and Full Screen modes
  • Auto Playlist Enhancements: Expanded support for more types of criteria when creating or editing Auto Playlists
  • Performance improvements: Continued optimizations improve startup time and media library performance dramatically over previous versions
  • Usability Improvements: Based on real feedback in newsgroups, many improvements have been made to areas including Mini-Player mode, Info Center View, Album Lookup, Queue-it-Up, and more
Note: This is a release candidate of a Windows feature and is unsupported. In order to restore the original feature after updating Windows XP or Windows Me, you must use System Restore. Please check to ensure System Restore is turned on.

View: Release Notes (known issues, installation info)
Download: Windows Media Player 9 RC1 for Windows XP (9.8 MB)
Download: Windows Media Player 9 RC1 for Windows 98SE/Me/2000 (13.5 MB)


In addition to including previously released security patches, this patch also includes fixes for the following newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and/or 5.1:

- A privilege elevation vulnerability affecting the way ISAPIs
are launched when an IIS 4.0, 5.0 or 5.1 server is configured
to run them out of process. By design, the hosting process
(dllhost.exe) should run only in the security context of the
IWAM_computername account; however, it can actually be made to
acquire LocalSystem privileges under certain circumstances,
thereby enabling an ISAPI to do likewise.

- A denial of service vulnerability that results because of a flaw
in the way IIS 5.0 and 5.1 allocate memory for WebDAV requests.
If a WebDAV request were malformed in a particular way, IIS would
allocate an extremely large amount of memory on the server. By
sending several such requests, an attacker could cause the server
to fail.

- A vulnerability involving the operation of the script source
access permission in IIS 5.0. This permission operates in
addition to the normal read/write permissions for a virtual
directory, and regulates whether scripts, .ASP files and
executable file types can be uploaded to a write-enabled virtual
directory. A typographical error in the table that defines the
file types subject to this permission has the effect of omitting
.COM files from the list of files subject to the permission. As a
result, a user would need only write access to upload such a file.

- A pair of Cross-Site Scripting (CSS) vulnerabilities affecting
IIS 4.0, 5.0 and 5.1, and involving administrative web pages. Each
of these vulnerabilities has the same scope and effect: an
attacker who was able to lure a user into clicking a link on his
web site could relay a request containing script to a third-party
web site running IIS, thereby causing the third-party site's
response (still including the script) to be sent to the user.
The script would then render using the security settings of
the third-party site rather than the attacker's.

In addition, the patch changes how frequently IIS 5.0 and 5.1 purge the socket backlog list, which holds the pending connection requests when all connections on a server are allocated. The list is now purged more frequently in order to make the server more resilient to flooding attacks. The backlog monitoring feature is not present in IIS 4.0.
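
The script source access item above comes down to a hand-maintained extension table with one wrong entry. The following is an added illustration, not IIS code and not part of the original bulletin: it models that gate and shows a table audit that catches the omission. The extension lists, the `.cmo` typo and all function names are constructed assumptions; the bulletin states only that .COM was omitted.

```python
# Added illustration: a constructed model, not IIS code. The extension lists
# and the ".cmo" typo are assumptions; the page only says ".COM" was omitted.

# Reference list of types the permission is meant to cover (constructed).
EXECUTABLE_TYPES = {".asp", ".exe", ".dll", ".com", ".bat", ".cmd"}

# Hand-maintained table with a constructed typo: ".cmo" where ".com" belongs.
FLAWED_TABLE = {".asp", ".exe", ".dll", ".cmo", ".bat", ".cmd"}
FIXED_TABLE = set(EXECUTABLE_TYPES)


def extension(filename):
    """Lower-cased final extension, so 'TOOL.COM' and 'tool.com' match."""
    name = filename.rsplit("/", 1)[-1].lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def upload_allowed(filename, write, script_source_access, table):
    """Uploads need write access; types in `table` also need script source access."""
    if not write:
        return False
    if extension(filename) in table:
        return script_source_access
    return True


def audit_table(table, reference=EXECUTABLE_TYPES):
    """Return (missing, unexpected): reference types absent from the table,
    and table entries that match no reference type (likely typos)."""
    normalized = {entry.lower() for entry in table}
    return sorted(reference - normalized), sorted(normalized - reference)


if __name__ == "__main__":
    for label, table in (("flawed", FLAWED_TABLE), ("fixed", FIXED_TABLE)):
        allowed = upload_allowed("tool.COM", write=True,
                                 script_source_access=False, table=table)
        print(label, "write-only upload of tool.COM allowed:", allowed,
              "audit:", audit_table(table))
```

Running an audit like `audit_table` against an independently maintained reference list as a build-time check turns a silent one-entry typo into a failing test.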


