Microsoft Issues Media Player Update alongside January Patch Tuesday

Article by George Norman (Cybersecurity Editor)

on 14 Jan 2009

Keeping with the established tradition of releasing patches for the Windows OS every second Tuesday of the month, Microsoft has recently plugged some holes in the Microsoft Server Message Block Protocol with this year’s first Patch Tuesday. On the same day the Redmond software giant has released an update for Windows Media Player.

To be more precise, Microsoft has actually released an update to a previously issued patch. It seems that there was a glitch with the MS08-67 Windows Media Component patch for systems running Windows XP and Windows Media Format Runtime 9.5 – the glitch being that the patch would not properly install.

“This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system,” explains Microsoft TechNet.

On a little side note, when security researcher Laurent Gaffi confronted Microsoft about the possibility of using malformed .wav, .mid, or .snd files to compromise a machine, Christopher Budd, spokesperson with Microsoft, denied such a possibility. He did admit thought that the vulnerability in the software would cause Windows Media Player to crash – with this recent update such issues should not be a problem anymore.

Moving on to the January Patch Tuesday, it must be said that Microsoft has issued a patch that plugs a total of 11 security vulnerabilities, 6 of them deemed as critical and the rest as moderate which affect the Microsoft Server Message Block Protocol (SMB). All of these security vulnerabilities, which impact Windows XP Service Pack 2 and 3, Windows Vista and Vista service Pack 1 to name but a few, could lead to remote code execution (the most severe security impact they could have on your system).


Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all