HT-News

Microsoft Says WMP Vulnerability Not Harmful.

A security researcher discovered an "alleged vulnerability" involving Windows Media Player, however Microsoft claims that there is no possibility for harmful code execution. In fact, Bill Gates" dominating opus labels the claim as "false" after an extensive investigation over the Christmas holidays. According to the company, the security researcher never contacted Microsoft about the vulnerability, but rather posted the report along with proof of concept code to a public mailing list. Microsoft says that once the report began to circulate, other "organizations" began to claim that the issue was a code execution vulnerability in Windows Media Player version 9, 10, and 11. Apparently, the researcher"s concept code actually does crash the media software, however the incident remains within the application, and doesn"t effect with Windows operating system itself. In fact, Windows Media Player can be restarted immediately after the crash. Microsoft claims that the issue was already addressed in Windows Server 2003 SP2, and will be addressed in other future versions. Microsoft actually seemed rather baffled as to why the researcher chose not to contact the company directly. "Unfortunately, the researcher (Laurent GaffiÓ©) chose not to come to us with this initial report," says a Microsoft Security Response Center blog entry. "If he had, we wouldò€™ve done the exact same investigation we just completed. When we were done, we would have let them know what we found, asked him if he thinks we might have missed something, continued the investigation if there was more information, and ultimately closed the case if we didnò€™t find a vulnerability. This is how we handle all of the cases we investigate with responsible researchers every year." Recently Microsoft has been in a constant, negative spotlight, first with accusations that the company knew about faulty hardware before shipping the first batch of Xbox 360 consoles. Just last week Microsoft scrambled to generate a fix for a security hole in all versions of Internet Explorer, and earlier this week thousands of 30GB Zune portable media devices locked up at 12:00:01 a.m. Although Microsoft poses to release Windows 7 Beta 1 next month which already appears on Torrent search lists. Thankfully, the supposed Media Player vulnerability was an erroneous claim.. or at least that"s what Microsoft says. "Weò€™ve found no possibility for code execution in this issue," the company said.


Add your comment:
Name:
Site address: http://
Your message:
Enter today\\\\'s date, 2 digits
(spam protection):

Categories
Hardware
About evocos
HT-News
IT-Services
Networks
Reviews
Security
Software
News of the day
TG Daily Video: Intel demonstrates Core 2 Duo performance gains.
Los Angeles (CA) - At the E3 Expo last week, Jodi Geniesse from Intel showed us the upcoming Arima entertainment PC which is basically a computer integrated into a nice LCD panel. The PC will be Viiv-branded and able to stream video and music across networks. A wireless keyboard is included and is slide under the computer when not in use. A webcam is intergrated into the top of the unit.
Popular Articles

Appoint IT LLC Selects Scio Consulting for SaaS Product Design and Development
Appoint IT has announced today they have selected Scio Consulting to design and develop Appoint IT, a Software-as-a-Service (SaaS) appointment scheduling application for the healthcare and service industry.

MIT Develops Way To Measure Hurricanes By Sound.
Cambridge (MA) - Determining the difference between a level two and level three hurricane may be done in the future by measuring the sound instead of flying in airplanes in the middle of it at several hours throughout the day.

© Copyright 2009