# Microsoft Releases CRITICAL UPDATE for Windows Media Player 7.1



## John Corn (Mar 21, 2002)

MELBOURNE, Australia--Melbourne-based IT firm, itSecure, today issued a strong warning to users of recent version Windows Media Player to download software from Microsoft to patch the application's security ( news - external web site) hole.

"Download and install the patch ASAP," advised itSecure's chief security officer, Raoul Wegat. According to itSecure, the risks associated with failing to patch the alleged weakness are severe.Wegat said that itSecure rates the alleged vulnerability as severe, as it could allow hackers to run code on the victim's computer.

"Microsoft haven't released any details about it but an attacker can run code of his or her choice on a vulnerable system," said Wegat. "That basically means that an attacker may be able to take over the system".

According itSecure, users running unpatched versions of Windows that don't have inbuilt user-based security access--as is found in Windows NT, Windows 2000 ( news - web sites) and Windows XP ( news - web sites)--are most at risk of an attack. That would mean that Windows 98 ( news - web sites), common in office and home environments, is the Windows offering that is most vulnerable to attack.

Wegat couldn't say how often itSecure would attach a severe rating to its security alerts but said that it was becoming all-too-often when it comes to Microsoft products. Missed the newsletter
Wegat said he doesn't know who discovered the vulnerability but that Microsoft has handled its discovery "very discreetly". "There's been no posting of the problem on any of the security lists or forums so the person that's found the problem has gone straight to Microsoft," said Wegat.

Microsoft's marketing manager for desktop, Paul Roworth, said the company wasted no time in notifying the public of the security flaw through the Microsoft.com knowledge base. 
Unfortunately, said Roworth, the public disclosure of the vulnerability fell two days to the wrong side of the approval deadline for the company's fortnightly, 250,000-subscriber security newsletter.

Roworth claims he couldn't pinpoint exactly when the vulnerability first came to Microsoft's attention. According to Roworth, Microsoft Australia is partially dependent on journalists and interested parties that pro-actively subscribe to its security newsletters and bulletins to inform customers of vulnerabilities in its products.

"In Australia we've got to be cognitive of things like privacy laws," said Roworth. "We have to ensure we are notifying customers that have indicated that they want to be kept up to date by Microsoft".

Download it here:
http://windowsupdate.microsoft.com/default.htm
Click on Product Updates.

It's a freaking media player, stop forcing people to connect to the internet with it. Stuff like this isn't in something like WinAmp... Why? Because it is an MP3 player, plain and simple! Ugh, why won't they realize people don't WANT a 30MB application to simply play audio and video?


----------



## James_F (Apr 23, 2002)

Only Microsoft can make a media player that is a security problem. :nono:


----------



## gcutler (Mar 23, 2002)

I just bought a Microsoft Web Enabled Refrigerator and due to the security hole, all my Ice Cream was melted by a hacker  :grin: :wave:


----------



## Steve Mehs (Mar 21, 2002)

Winamp and now Real Player and the one media players I use. I don even have WMP on my PC anymore.


----------



## James_F (Apr 23, 2002)

I wish I could remove it from WinXP. I can't wait until the Service Pack is released in September so I can remove all that Microsoft crap. 

The problem I have with WinAMP and Real Player is they are just as bad as microsoft taking over your computer. WinAMP puts itself in every right-click menu and throws AOL icons everywhere. RealPlayer does the same thing with the AOL icons and it "updates" itself without asking. I've been useing Quicktime and MusicMatch Jukebox since both of them don't mess with my settings. The only thing they can't handle is the new RealOne steams, but you have to pay for those anyway.


----------



## Rage (Aug 19, 2001)

RealOne is a pain in the ass. I was suprised by how many bookmarks they made for themselves in my Fav. list.


----------



## MarkA (Mar 23, 2002)

"I can't wait until the Service Pack is released in September so I can remove all that Microsoft crap."

Wrong. Very wrong. One, I expect SP1 to be released the end of August . Two, and far more important: It doesn't let you remove anything. How could you remove something required for the OS to operate? It just removes access to it so it's harder to use.


----------

