Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Patch Tuesday: Gaping security hole in Windows Media Player

By | March 8, 2011, 12:23pm PST

Microsoft today warned that the Windows Media Player that ships with every copy of its Windows operating system contains a critical vulnerability that could allow remote code execution if a user is tricked into opening a video file.

The disclosure forms part of this month’s Patch Tuesday release where Microsoft shipped three bulletins with patches for security holes in Windows and Microsoft Office.

The most serious of the three bulletins is MS11-015 and Microsoft is urging all Windows users to apply this update immediately because of the severity and the likelihood of working attack code within 30 days.

This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.

The Windows Media update is rated “critical” for affected editions of Windows XP (including Windows XP Media Center Edition 2005); all supported editions of Windows Vista and Windows 7; and Windows Media Center TV Pack for Windows Vista.

The biggest problem exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files.

This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted .dvr-ms file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

For businesses using the Microsoft Groove workspace sharing product, pay special attention to MS11-016, which covers a remote code execution issue in Groove.

This security update resolves a publicly disclosed vulnerability in Microsoft Groove that could allow remote code execution if a user opens a legitimate Groove-related file that is located in the same network directory as a specially crafted library file.

The vulnerability exists in the way that Microsoft Groove 2007 handles the loading of DLL files. “An attacker who successfully exploited this vulnerability could take complete control of an affected system,” Microsoft warned.

This month’s Patch Tuesday batch also includes MS11-017, an “important” bulletin covering a code execution flaw in the Windows Remote Desktop Client.

The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file.

It’s important to note that there are several outstanding issues that were not patched this month.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

72 Comments

RE: Patch Tuesday: Gaping security hole in Windows Media Player
jamesrayg 10th Mar 2011
@Gr8Music You mean a complex piece of software has bugs? I must've missed that memo.
0 Votes
Install your updates!
Will Farrell 8th Mar 2011
The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically
@Will Farrell

A show of hands.

Who has ever used or seen a video file with a dvr-ms extension? Yes I know it's the superseded format for Windows Media Center recording video files, but I've never seen one.

And if anyone ever does see one, it's already been fixed.

This is what passes for a "GAPING HOLE" these days wink
@tonymcs@...
It has been tagged Critical for a reason, it is one more tunnel that has been closed. If the writer embellished this article, you commented now maybe all consumers will take notice that this update is important. You can feel safe it does not affect you, excellent.

Not all consumers are you or have auto update on for whatever reason/excuse. This is important for those that are not as tech savvy as you.


I believe this has been posted once before running Secunia PSI to check un-patched/outdated third party software.

Update third party programs. Thank you, Ryan Naraine for the article.
@tonymcs@...
You can change the extension on a .dvr-ms file to .mpg or .avi and Media Player won't complain. It just opens it and goes on with its business.
@Will Farrell
I just checked my updates, and it has not been installed yet, when will this happen?
0 Votes
Patch Tuesday
GerryR1 8th Mar 2011
@biotech_010
It's always on the second Tuesday of each month. If you're using and you patch with SP1 you will no longer be able to access the Internet. You can just go back two or three versions of Avast and then everything's fine. Or you could stop using Avast.
0 Votes
And Linux Comment in 3..2...1...
facebook@... 8th Mar 2011
Get Ready for it folks. Here come the Linux and Mac Fan bois
@facebook@... Where? Not seeing any of the promised Linux and Mac Fan bois at this point. Methinks you have a persecution complex. happy
@facebook@...

No comment happy
@facebook@... Err, where are they? Oh, not here. Strange, maybe they're busy.
@jeremychappell

They're busy wondering how to apologize for the latest Android malware and the hacking of the track listing. And then figuring out how to cover up the evidence that Linux just isn't as infallible as they think happy
Must have been all that Zuckerberg blather he's been listening to.
0 Votes
@facebook@... LMAO they are probably still crying to Steve Jobs saying " hey Steve Jobs! you lied to us that the MAC OS is immune to malware " happy

I hail 2011 for shining some light on the truth, it has finally revealed to the Unix derivatv noobs that " NO man-made computer is immune to malware nor nasty hackers".

Will keep an eye on this article for the Unix derivatv fanboy talkbacks wink
@facebook@... How is that any different than all the MS fanbois jumping in on all the Apple stories?

Hypocritical much?
@facebook@... Those linux fanbois are so damn clever - if they say anything it's because they're fanatics - if they don't it's because they realize how wonderful MS is, right?
The title should have been:
Patch Tuesday: Gaping security hole in Windows Media Player fixed
@1773 I know, right?
@1773

No, that would be fair to Microsoft. And we alllll know that you can't be fair to Microsoft.

Personally, I've been searching for the press releases Apple puts out when a massive security hole is found in OS X. They exist, and there is a list of them on Apple's website hidden deep. Microsoft actively looks for, announces, and fixes problems with security. Apple hides the problem and tells the masses, "Don't mind the bugs behind the curtain, there are no security problems with OS X."
@Marine_01 LOL
@Marine_01
Are these Microsoft press releases or security advisories? I think the latter.

Apple also publishes security advisories, places them consistently in a well-known position on their web site and provides a link for users to get the details when a patch is provided.

For instance, at another ZDNet article, I learned that java, for which a lot of problems were recently identified and fixed for other oses, is updatable today.

I'm installing right now. Included in the abstract on Software Update is this: "For information on the security content of this update, please visit: support.apple.com/kb/HT1222." Such a short url for deep hiding.

Apple has been relatively slower to patch its jvm and I'm wondering if this one's quickness (two or three weeks instead of months) reflect that Oracle may be more heavily involved in the maintenance. No matter, faster is better.

One final thought, come on guys, it's time to grow up. Software ships with bugs. Bugs are found. Bugs are fixed. While you try to pump this particular iteration of the cycle into a skirmish in your perceived os armageddon - and I think the point you are trying to make is that Microsoft is better because others are worse, which does not stand the least of logic scrutinies - that balloon ain't gonna fly.

And to any one who Nelson Muntzes Microsoft on this patch in order to promote OS X or Linux: you too should grow up.
@Marine_01

DannyO,

Comparatively speaking, Apple is not nearly as up front about security issues as Microsoft. Microsoft has their security section link on the main page of their website. Apple's is buried in the support section, and security updates are not consistent across their pages... i.e., one page has one set of updates, another one has some very different updates. That's why I call it buried.
0 Votes
Sure thing. If SJVN was writing this blog
Will Farrell 8th Mar 2011
@1773
the whole story would have been as follows:

Microsoft today warned that the Windows Media Player that ships with every copy of its Windows operating system contains a critical vulnerability that could allow remote code execution if a user is tricked into opening a video file.

On the other hand, Ubuntu Holes Found, Holes Fixed.
@Will Farrell
LOL. You made my day. grin
@Will Farrell The first time they covered that it was not quite like that. In fact pure FUD

However, two wrongs don't make a right. I don't think we're seeing any particular bias from ZDNet here - just falling standards. It does seem a bit rich to sensationalise Microsoft's own releases like this. If Microsoft decide to tone down their language then ZDNet can accuse them of not taking security seriously. It's really poor.

Here Microsoft have done the right thing, been honest about a problem once they had a fix in the wild (basically; "this is serious - apply the fix now") I don't really know what else Microsoft can do here ... damned if you do, damned if you don't.
0 Votes
M$ fanbui damage control
LTV10 8th Mar 2011
Ubuntu Holes Found, Holes Fixed, No Exploits

Micro$oft Holes Found, Holes Not Fixed, Exploits Aplenty
0 Votes
You appear to be what is known as a sore loser
Mister Spock Updated - 8th Mar 2011
@LTV10
You wish to mock others while complaining when you are being mocked yourself?

It is illogical to stay in a kitchen if the temperature is not to your liking.

That is the correct phrase, if I remember accurately.

plain
@ LTV10

There are all sorts of unpatched holes in Linux and the other components that make up Ubuntu. Secunia report 16 unpatched vulnerabilities in the Linux kernel alone:

http://secunia.com/advisories/product/2719/

When you add all the unpatched holes in X.Org, Gnome, the standard libraries, etc., it really starts to look vulnerable.
0 Votes
Nothing "sore" here...
LTV10 8th Mar 2011
You appear to be what is known as a sore loser. You wish to mock others while complaining when you are being mocked yourself?

lol... Now how's that, Mr. Faux Pointy Ears? Do tell.

There are all sorts of unpatched holes in Linux and the other components that make up Ubuntu. Secunia report 16 unpatched vulnerabilities in the Linux kernel alone:

@WilErz
Theoretical vulnerabilities created in a testing lab are not the same as actual exploits, which was the point I tried to make up above. Anything less than that is FUD. Pure & simple.

Know the difference.
0 Votes
And an apologist, to Mister Spock
Will Farrell 9th Mar 2011
@Spock
LTV10 is an apologist, too! Look how he claims all security issues with Linux are nothing but "theoretical, created in a lab" while implying that Window's are all "found in the wild"
0 Votes
No apologies here...
LTV10 9th Mar 2011
LTV10 is an apologist, too! Look how he claims all security issues with Linux are nothing but "theoretical, created in a lab"

Pretty much. Do you have any bona-fide current exploits for Linux that you'd like to share with us?

Ya know...things like malware, adware, spyware, trojans, viruses, etc.

Do tell...

while implying that Window's are all "found in the wild"

Pretty much. M$ tends to be reactive instead of proactive. You do know the difference, right?

wink
0 Votes
Maybe it's just me...
itpro_z 8th Mar 2011
...but any security hole that requires the user to open a file is not "gaping". Am I the only one who sees ZDNet becoming more and more sensational and less and less informative over time? Perhaps it is time to move on.
@itpro_z

It's par for the course these days, at least when you can make Microsoft look bad.
@itpro_z
No you are not the only one.
@Loverock Davidson
Oh pleeeese tell us you're moving on!!
@itpro_z

What I think they're getting at is of how much control the malware gets when you run the vid as compared to other malware or viruses.
0 Votes
Can you expand upon this?
ye 8th Mar 2011
@KBot: What I think they're getting at is of how much control the malware gets when you run the vid as compared to other malware or viruses.

I don't see it being any different than any other malware. It gains the same user rights as the user running Windows Media Player. How would this be any different?
@ye
No actually I can't expand on this. My reply was pure conjecture. I don't know enough about previous malware to make a correlation between this and others. I was assuming the wording used implied a more urgent issue compared to recent ZDNet posts based on malware. If I'm wrong about my comment I take full responsibility.
0 Votes
It's no different.
ye 9th Mar 2011
@KBot: No actually I can't expand on this. My reply was pure conjecture. I don't know enough about previous malware to make a correlation between this and others.

Appreciate the honesty.
@itpro_z exactly! more fluff, less substance.
@itpro_z
It's your clock.

I run Windows and I work where Windows is run. I follow in from the headline in order to read and form my assessment of risk severity in my context.

I agree that gaping doesn't match my perception, but, because it is a standard, though rarely used, media format, this has potential to be a real wolf in sheep's clothing and I'm glad we are hearing about it on the eve of its fix.

Other sites do the tease game. I'd recommend direct subscription to the security advisories if you really have a problem with what word a blogger selects from the thesaurus.
This vulnerability could allow an attacker to execute arbitrary was noted in earlier critical patches from the beginning of Windows Media Player, So the critical flaw hasn't been fixed since the 90's
0 Votes
ZDNet is a paid shill for Google and Apple.
mustangj36@... 8th Mar 2011
They make Microsoft look as bad as possible while running articles and whitepapers about Google services that are really advertisements. As for Apple, ZDNet may as well be on their payroll.
@mustangj36@...

Nah, MS does a good enough job on its own.
@Alan Smithie

Pray tell, how are they doing it to themselves?
0 Votes
Not as well as you.
Will Farrell 8th Mar 2011
@Alan Smithie
On their worst day they still look better than you do on your best!
But keep practicing, Charlie
zdnet has become a bonafide ABM site, particularly punctuated by bringing on sjvn, a man whose career has been nothing more than pushing ABM hyperbole.
At the risk of being repetitive, does this guy look, at all times, like he's well into a meth binge?
Since when would a bug that requires social engineering become headline news and termed a "Gaping" hole?
I guess considering Linux gets a free pass here, the daily bugs rarely making post, regardless of their severity...same goes for OS X and all things Apple, it shouldn't be surprising, should it.

Way to go!!
@xuniL_z

Dude quit spamming, SJVN has nothing to do with this post. How long have you been reading ZDNet articles? There are bloggers that have specific niches, some windows, some apple, some linux, and others have to do with different topics, security, social media, green energy, hardware. ZDNet covers lots of stuff, the bloggers are biased to a degree as that's what they're covering, but there are bloggers for all sides of a story, so MS gets its fair share, Apple gets its, and linux gets its.
0 Votes
Boo hoo
Richard Flude 8th Mar 2011
ZDNet article on MS security gets the same headlines as Apple has for years and the MCSEs are out crying.

I'd agree the MS shine on ZDNet has wilted, thank goodness. Welcome to the real world where MS intimidation isn't significant anymore.

A great time to be in IT (maybe not for the MCSE;-).
0 Votes
@Richard Flude
Actually, it's a great time to be an MCSE, just not a great time to be out of work admin like you.

Should have kept those MS certs up, those other you replaced them with don't look to have gotten you a job yet.

but then they have to use the OS for you to be able to manage it! LOL!
0 Votes
Will, admin?
Richard Flude Updated - 8th Mar 2011
Some of us started above that level, then we haven't a joke qualification that holds us back.

You better get back to clicking buttons, applying updates and rebooting:-)