Smokey's Security Weblog

veritas odium parit

Advice: don’t use WMP – Windows Media Player anymore….

…. because a critical vulnerability in WMP is still unpatched, and Microsoft have no workaround or precautions to deal with the issue.

Some background information:

“Ryan Naraine / ZDNet – posted today: Lost in the shuffle of this month’s Patch Tuesday barrage is the fact that a critical vulnerability in the ever-present Windows Media Player (WMP) was not fixed “because of a last minute quality issue”.

Microsoft originally listed the WMP update in the advance notice for August but, when the patches dropped on Tuesday, it had slipped because of patch-quality concerns.This effectively means that millions of Windows users — WMP ships with every version of the desktop operating system — are exposed to a critical, code execution vulnerability that will not be fixed for at least another month.”

“EGeezer / DSLR – posted today: I was intrigued by this Microsoft Technet blog entry, which referenced a patch that was not released for quality reasons. However, the poster did not provide any information on what was missing or what measures users could take until the patch was issued. While it’s goodness to remove flawed patches, the vulnerabilty information and workarounds(if any) should not also be removed.

Since the information on the missing patch was removed in the advisory, we as users only know that there’s a critical vulnerability in WMP out there that’s still unpatched, and have no workaround or precautions to take beyond simply not using WMP.”

Advertisements

August 16, 2008 - Posted by | Advisories, Alerts, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: