Claims by researchers that Windows Media Player has a bug that allows hackers to expose vulnerable systems to malicious code have been rubbished by Microsoft. The company does acknowledge that there is a bug in the system, though it claims that the bug only gives hackers the opportunity to make the system crash and poses no greater security risk.
The flaw is known as the WMP integer overflow bug, and it is triggered when the player processes WAV, MIDI or SND files that have been specifically built by hackers to exploit it.
Microsoft has predictably downplayed the flaw, even accusing the researchers who have spoken out of ‘spooking’ the public and of ‘premature disclosure,’ whatever that means. This may well be true, though it is worth remembering that only one of these parties has a vested interest: Microsoft. What I mean is essentially that a security analyst’s only job is to be right; he or she doesn’t have to worry about brand image or sales of PCs.
Whatever the bug actually exposes you to, it’s worth being aware of it. If you run either Media Player 9 or 11 on a fully patched Windows XP system, then your system is potentially vulnerable to this type of attack. However, other combinations may also be affected, so it’s best to be careful about what you download using WMP for the time being.