Security patch for Windows Media Player

Microsoft has issued a patch for some versions of Windows Media Player to remove what the company called a critical system...

Microsoft has issued a patch for some versions of Windows Media Player to remove what the company called a critical system vulnerability.

The flaw involves the part of Windows Media Player that lets users download new "skins", or visual interfaces to the player, according to a security advisory on Microsoft's website.

Using the vulnerability, attackers could force a file masquerading as a skin file into a known location on the user's PC or place a malicious executable on the system.

To do so, the attacker would have to either entice the user to go to a website designed to exploit the vulnerability or embed a link to the website in an HTML e-mail message.

Depending on what e-mail client software and which security updates were installed, the attacker might be able to launch the malicious executable without the user even clicking on the link.

The vulnerability affects Windows Media Player 7.1 and Windows Media Player for Windows XP. Microsoft is unsure whether previous versions will be affected by the vulnerability.

It does not affect Windows Media Player 9.0 Series.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT strategy

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close