Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Patch Tuesday: Gaping security hole in Windows Media Player


08 Mar 2011   #1

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
Patch Tuesday: Gaping security hole in Windows Media Player

Quote:
Microsoft today warned that the Windows Media Player that ships with every copy of its Windows operating system contains a critical vulnerability that could allow remote code execution if a user is tricked into opening a video file.

The disclosure forms part of this month’s Patch Tuesday release where Microsoft shipped three bulletins with patches for security holes in Windows and Microsoft Office.

The most serious of the three bulletins is MS11-015 and Microsoft is urging all Windows users to apply this update immediately because of the severity and the likelihood of working attack code within 30 days.

This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.

The Windows Media update is rated “critical” for affected editions of Windows XP (including Windows XP Media Center Edition 2005); all supported editions of Windows Vista and Windows 7; and Windows Media Center TV Pack for Windows Vista.

The biggest problem exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files.

This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted .dvr-ms file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This month’s Patch Tuesday batch also includes MS11-017, an “important” bulletin covering a code execution flaw in the Windows Remote Desktop Client.

The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file.

It’s important to note that there are several outstanding issues that were not patched this month.
Read More:


Patch Tuesday: Gaping security hole in Windows Media Player | ZDNet


My System SpecsSystem Spec
.

09 Mar 2011   #2

Windows 7 Home Premium 64 bit SP1
 
 

Hi Borg. Glad to see the cat hasn't got you yet. Thanks for the info.
My System SpecsSystem Spec
Reply

 Patch Tuesday: Gaping security hole in Windows Media Player




Thread Tools



Similar help and support threads for2: Patch Tuesday: Gaping security hole in Windows Media Player
Thread Forum
Patch Tuesday: Microsoft to fix five critical security flaws Security News
Microsoft to patch 9 security vulnerabilities on Tuesday Security News
Microsoft readies patch for gaping IE browser security holes Security News
Patch Tuesday heads-up: Windows security holes Security News
Patch Tuesday heads-up: Critical MS Office security holes Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 06:13 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33