Microsoft fights "music of mass destruction"

Summary:Most of the time when a security hole is discovered in Windows, users have to wait until the next monthly "Patch Tuesday" to get it fixed. Sometimes an exception is made if the flaw is particularly bad. Therefore Microsoft must consider the FairUse4WM program the most critical security flaw ever!

Most of the time when a serious flaw, such as a security hole, is discovered in Windows or another Microsoft product, users have to wait until the next monthly "Patch Tuesday" to get it fixed. Sometimes an exception is made to push a patch out earlier if the flaw is particularly bad. But other security holes may languish for months until they're publicly "outed" or an exploit is released into the wild.

Therefore, Microsoft must consider the FairUse4WM program the most critical security flaw ever! FairUse4WM is a program that cracks the DRM protection in Microsoft's Windows Media player. This would let you perform dangerous activities like making copies of music you bought, or watching movies beyond their expiration date. Apparently this set off some alarms in Redmond because only three days after the program was announced, Microsoft pushed a patch to disable it into the Windows Update stream. According to Bruce Schneier of Wired News, that's their quickest patch ever:

To Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer. So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.

 

Whew, I feel safer already. Of course, it should surprise no one that the authors of FairUse4WM have issued their own patch that evades the Microsoft patch. Can this war ever be won?

Topics: Security

About

Ed Burnette has been hooked on computers ever since he laid eyes on a TRS-80 in the local Radio Shack. Since graduating from NC State University he has programmed everything from serial device drivers and debuggers to web servers. After a delightful break working on commercial video games, Ed reluctantly returned to business software. He... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.