Microsoft does DRM flaw u-turn

Despite having said that a Windows Media Player vulnerability was not a software flaw, Redmond is now issuing a patch to deal with the problem
Written by Jo Best, Contributor
Last week, Microsoft declared Windows Media Player's method of handling DRM licences wasn't a security flaw, and said they wouldn't be issuing a patch. This week, the Redmond giant has changed its mind.

Antivirus company Panda Software warned last week that hackers are using the player's DRM tool to fool people into downloading spyware and viruses.

However, Microsoft said at the time that the issue was not a flaw because it relied on social engineering, rather than automatic infection, to get users to download malware. Two Trojans are already in the wild designed to exploit the mechanism, which affects both Windows Media Player 10 and XP SP2.

Microsoft is sticking to its guns and maintaining that the fact that an anti-piracy feature can be exploited does not a security flaw make - but Redmond is saying it will patch the programs anyway.

A Microsoft spokeswoman said: "Microsoft stated several weeks ago that they were looking into the issue and that this problem was not a security flaw. That position has not changed."

"After further review, they determined that it made sense to offer an update to consumers that would allow them to have greater default control over licence acquisition elements within the Player... Microsoft will release an update in the next 30 days," she added.

ZDNet UK's Dan Ilett contributed to this report

Editorial standards