...alternate "skins" for their media players. This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
- Windows Media Player 7.1 on Windows 2000 SP4
- Windows Media Player for XP on Windows XP SP1
- Windows Media Player 9 on Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003
- Windows Media Player 10 on Windows XP S1 or Windows XP S2
Risk level
This is a critical threat for Windows Media Player 9 and Windows Media Player 10. Microsoft has rated it critical because a successful exploit would permit a remote attacker to take complete control of a vulnerable system — not because it's easy to exploit or likely to be a major attack vector. This is an important threat for Windows Media Player 7.1 and Windows Media Player for XP.
Mitigating factors
This threat requires a considerable amount of social engineering to get users to download the dangerous code, as Windows Media Player is typically not an application that deals with .bmp files.
Fix
Install the update. Microsoft has tested multiple workarounds for this attack vector, but they involve editing the registry. It's probably easier to just install the patch, especially since the workarounds cause multiple functionality restrictions in many DirectX applications.
MS06-006
Microsoft Security Bulletin MS06-006, Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution, addresses a Windows Media Player plug-in vulnerability (CVE-2006-0005), which is due to another unchecked buffer. This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
- Windows 2000 SP4
- Windows XP SP1
- Windows XP SP2
- Windows XP x64 Edition
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 x64 Edition
Risk level
While this is a remote code execution threat, Microsoft has rated it important for all affected systems.
Mitigating factors
This threat doesn't affect IE users — only users of alternative Web browsers. In addition, a potential attacker would have to convince users to visit a malicious Web site or open a suspicious email.
Fix
Install the update. While there is a Microsoft-approved workaround available, using...
Talkback
I would like to know why we call the bulletins "Security Bulletins"? I believe that the right term is "Insecurity Bulletins" which MS publishes and serves to list the ubiquitous security breeches found in the Microsoft Software offerings.
I would like to think that a security bulletin is a praise for the robustness of a product, and not the listinjg of the flaws.
Please change the headings for future insecurity listings.