Security Alert Windows Media Player



Imhotep
07-09-2005, 10:52 PM
This was posted on another newsgroup...

Default Setting in Windows Media Player Digital Rights Management Could
Allow a User to Open a Web Page Without Requesting Permission

http://www.microsoft.com/technet/security/advisory/892313.mspx

Affects Media player 9 and 10

What makes this bad is by using current IE exploits no user interaction
would be required for someone to do bad things. If you download music
or video files ..... be aware.

-Im

Crouchie1998
07-09-2005, 10:52 PM
And? Tell it to the microsoft.public.windowsmedia.player newsgroup

Crouchie1998
BA (HONS) MCP MCSE

Imhotep
07-09-2005, 10:52 PM
Crouchie1998 wrote:

> And? Tell it to the microsoft.public.windowsmedia.player newsgroup
>
> Crouchie1998
> BA (HONS) MCP MCSE

....and this *is* microsoft.public.security is it not?

-Im

Malke
07-09-2005, 10:52 PM
Imhotep wrote:

> Crouchie1998 wrote:
>
>> And? Tell it to the microsoft.public.windowsmedia.player newsgroup
>>
>> Crouchie1998
>> BA (HONS) MCP MCSE
>
> ...and this *is* microsoft.public.security is it not?
>
> -Im

Yes, and I appreciate your post because although I support Windows for a
living, I don't hang out in the Media Player newsgroup. Thanks for the
heads up.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Imhotep
07-09-2005, 10:52 PM
Malke wrote:

> Imhotep wrote:
>
>> Crouchie1998 wrote:
>>
>>> And? Tell it to the microsoft.public.windowsmedia.player newsgroup
>>>
>>> Crouchie1998
>>> BA (HONS) MCP MCSE
>>
>> ...and this *is* microsoft.public.security is it not?
>>
>> -Im
>
> Yes, and I appreciate your post because although I support Windows for a
> living, I don't hang out in the Media Player newsgroup. Thanks for the
> heads up.
>
> Malke

....that's why I posted it. The more people that read the warning and fix the
problem, the less mailbot zombies I have to worry about later :-)

--Imhotep

Karl Levinson, mvp
07-09-2005, 10:52 PM
Thanks for the info. I don't know why MS didn't make this a security
bulletin back in March when it first came out. No wonder most people dont'
seem to know about this. I gather they don't consider it a security
vulnerability, but I sure freaking do.


"Imhotep" <NoSpam@nothanks.net> wrote in message
news:Ifcle.53$Eq.12@fed1read03...
> This was posted on another newsgroup...
>
> Default Setting in Windows Media Player Digital Rights Management Could
> Allow a User to Open a Web Page Without Requesting Permission
>
> http://www.microsoft.com/technet/security/advisory/892313.mspx
>
> Affects Media player 9 and 10
>
> What makes this bad is by using current IE exploits no user interaction
> would be required for someone to do bad things. If you download music
> or video files ..... be aware.
>
> -Im

Frank Saunders, MS-MVP IE/OE
07-09-2005, 10:52 PM
Imhotep wrote:
> This was posted on another newsgroup...
>
> Default Setting in Windows Media Player Digital Rights Management
> Could Allow a User to Open a Web Page Without Requesting Permission
>
> http://www.microsoft.com/technet/security/advisory/892313.mspx
>
> Affects Media player 9 and 10
>
> What makes this bad is by using current IE exploits no user
> interaction would be required for someone to do bad things. If you
> download music or video files ..... be aware.
>
> -Im

Thanks.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/

Imhotep
07-09-2005, 10:52 PM
Karl Levinson, mvp wrote:

> Thanks for the info. I don't know why MS didn't make this a security
> bulletin back in March when it first came out. No wonder most people
> dont'
> seem to know about this. I gather they don't consider it a security
> vulnerability, but I sure freaking do.
>
>
> "Imhotep" <NoSpam@nothanks.net> wrote in message
> news:Ifcle.53$Eq.12@fed1read03...
>> This was posted on another newsgroup...
>>
>> Default Setting in Windows Media Player Digital Rights Management Could
>> Allow a User to Open a Web Page Without Requesting Permission
>>
>> http://www.microsoft.com/technet/security/advisory/892313.mspx
>>
>> Affects Media player 9 and 10
>>
>> What makes this bad is by using current IE exploits no user interaction
>> would be required for someone to do bad things. If you download music
>> or video files ..... be aware.
>>
>> -Im


Me too!

-Im


Security Alert Windows Media Player