Windows Media Player Has No Flaws Says Microsoft

Microsoft Corp. has denied reports that a security hole in its Windows Media Player application could be exploited to execute remote code on user’s PC.

In its post to Security Vulnerability Research and Defense blog, the software giant has notified that it has investigated the reports that appeared on the web last week, and claimed that the reports were “false”.

The investigations were triggered by a report published on the Bugtraq by researcher Laurent Gaffie, and reported a serious vulnerability in Windows Media Player version 9, 10, and 11.

However, Microsoft acknowledged that the code published on Bugtraq could crash the Windows Media Player, but claimed that it doesn’t affect the system at all.

Incidentally, Gaffie noted that the vulnerability could enable hackers to create maliciously formed SND, MIDI, and WAV files to compromise PCs with Windows XP and Vista operating systems.

Along with denial, Microsoft has condemned Gaffie for publishing security claims without first addressing it to the company, and expressed its dissatisfaction by saying “If he had, we would’ve done the exact same investigation we just completed”.

Later on Microsoft found that the so called flaw was actually a part of “ongoing code maintenance”, which has already been tackled in its Windows Server 2003 Service Pack 2.

Go To Page 2 for our comments and more related links

Our Comments

Windows Media Player is one of the most popular software as it is bundled by default with Windows. So no wonder that it is a preferred target for cybercriminals. Microsoft is possibly downplaying the security flaw to avoid a manic rush by criminals to exploit it over the extended holiday period. Expect a critical patch on Tuesday the 6th of January though during Patch Thuesday.

Related Links

Microsoft refutes Windows Media Player vulnerability

(Network World)

Windows Media Player flaw denied

(The Register)

Microsoft denies vulnerability in Windows Media Player


Microsoft denies the severity of a Media Player exploit

(Beta News)

Microsoft downplays Windows Media Player bug

(Computer World)

No Vulnerability in Windows Media Player, Microsoft Says

(CIO Today)

Microsoft downplays Windows Media Player bug

(Tech Spot)

Microsoft denies a major bug in Windows Media Player

(Tech Whack)