Advice: don’t use WMP – Windows Media Player anymore….

…. because a critical vulnerability in WMP is still unpatched, and Microsoft have no workaround or precautions to deal with the issue.

Some background information:

“Ryan Naraine / ZDNet – posted today: Lost in the shuffle of this month’s Patch Tuesday barrage is the fact that a critical vulnerability in the ever-present Windows Media Player (WMP) was not fixed “because of a last minute quality issue”.

Microsoft originally listed the WMP update in the advance notice for August but, when the patches dropped on Tuesday, it had slipped because of patch-quality concerns.This effectively means that millions of Windows users — WMP ships with every version of the desktop operating system — are exposed to a critical, code execution vulnerability that will not be fixed for at least another month.”

“EGeezer / DSLR – posted today: I was intrigued by this Microsoft Technet blog entry, which referenced a patch that was not released for quality reasons. However, the poster did not provide any information on what was missing or what measures users could take until the patch was issued. While it’s goodness to remove flawed patches, the vulnerabilty information and workarounds(if any) should not also be removed.

Since the information on the missing patch was removed in the advisory, we as users only know that there’s a critical vulnerability in WMP out there that’s still unpatched, and have no workaround or precautions to take beyond simply not using WMP.”

August 16, 2008 - Posted by Smokey | Advisories, Alerts, General, Malware, News, Security, Vulnerabilities | Critical vulnerability WMP - Windows Media Player, unpatched microsoft windows vulnerabilities, WMP code execution, workarounds | No Comments Yet

No comments yet.

« Previous | Next »

Introduction

weblog1

smokey_hat2
.
Welcome to Smokey’s Security Weblog!

Like my board Smokey’s Security Forums, this blog is mainly devoted to Security and all related issues. However, other issues like e.g. major occurances on my forum and social topics will be blogged too.

My forum offer free security and malware related Support, Help, Advice and Education.

As extra service we have a HijackThis & OTL (formerly OTListIt2) Logs Analyzing and Malware Removal/Cleaning Help Forum, full qualified HJT/OTL Analysers/Malware Hunters will be pleased to help you for free to clean your malware infected PC.

We are hosting and maintaining the Official Jetico Inc. Support Forums, including the following products:

- Jetico Personal Firewall V1
- Jetico Personal Firewall V2
- Jetico BestCrypt for Windows
- Jetico BestCrypt for Linux
- Jetico BestCrypt Volume Encryption
- Jetico BCArchive
- Jetico BCWipe for Windows
- Jetico BCWipe for UNIX

Disclaimer: information in this blog can be based on (not confirmed) statements of (anonymous) sources, Smokey’s Security Weblog don’t take any responsabilty for the credibility of these sources and their statements.

The posts/articles in this blog can be supplemented with so called “Possibly related posts” links. Because these links are automatically generated by WordPress.com, Smokey’s Security Weblog have no influence on the links itself and/or content of them. Therefore this Weblog don’t take any responsability for these links and all related issues.

About Copyright and this Blog: it is allowed to reproduce (parts of) posts in this blog if this reproduction is provided with a direct link to the original blog post. It is NOT allowed to copy, use and/or reproduce any image or blog banner.

Blog comments policy: to restrain indecent and off-topic comments and spam, comments are reviewed before publishing. Therefore, delay in comment publishing is unavoidable. Obligatory language of comments is English.
.