LISTSERV - VICUG-L Archives - LISTSERV.ICORS.ORG

VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	VICUG-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Microsoft Warns Of Media Player Security Vulnerability
From:	Chris McMillan <[log in to unmask]>
Reply To:	Chris McMillan <[log in to unmask]>
Date:	Tue, 20 Nov 2001 14:14:41 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (62 lines)

Microsoft Warns Of Media Player Security Vulnerability

By Steven Bonisteel, Newsbytes
REDMOND, WASHINGTON, U.S.A.,
20 Nov 2001, 12:27 PM CST

 Microsoft Corp. [NASDAQ:MSFT] is urging users of its Windows Media
Player software to apply a security patch that plugs a hole in one
version that can allow a malicious attacker to take control of a user's
PC.

The Redmond, Wash., company said in a bulletin published Monday night
that code in Windows Media Player 6.4 used to play Advanced Streaming
Format (ASF) content is prone to what is known as a buffer overrun.

Buffer overruns can occur when software fails to ensure that incoming
data will fit within the computer memory reserved for it. Extra data
spilled into memory might simply cause a program to crash. However, a
savvy hacker can turn a buffer overrun into a doorway to vulnerable
computers if he or she can inject malicious code with the overrun and
get it to execute.

The Code Red worms were examples of code that exploited buffer overruns
in Web severs to automatically traverse the Internet. But Microsoft
pointed out that a hacker hoping to use the Windows Media Player
vulnerability would have to entice individuals to download and play the
specially malformed ASF files.

Microsoft said the newly discovered problem is specific to its version
6.4 Media Player, but that it has created a patch that fixes a number of
vulnerabilities - one for which Microsoft offered a fix a year ago and
some of which are in code that is also part of newer releases of the
software.

The company said it is urging users of all version of the Windows Media
Player - through version 7.1 - to download the patch.

Windows XP users are being asked to download an updated Windows Media
Player via Microsoft's Windows Update site, rather than apply a patch.

Additional information and links to the software updates is here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/
security/bulletin/MS01-056.asp.

Reported by Newsbytes.com, http://www.newsbytes.com .

12:27 CST

(20011120/WIRES ONLINE, PC, BUSINESS/WINMP/PHOTO)


C 2001 The Washington Post Company


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG