Microsoft Corp. has denied reports that a security hole in its Windows Media Player application could be exploited to execute remote code on a user’s PC.
In a post on its Security Vulnerability Research and Defense blog, the software giant said that it had investigated the reports that appeared on the web last week, and claimed that the reports were “false”.
The investigation was triggered by a report published on Bugtraq by researcher Laurent Gaffie, which described a serious vulnerability in Windows Media Player versions 9, 10, and 11.
Microsoft acknowledged that the code published on Bugtraq could crash Windows Media Player, but claimed that it doesn’t affect the system at all.
Gaffie, for his part, noted that the vulnerability could enable hackers to create maliciously formed SND, MIDI, and WAV files to compromise PCs running the Windows XP and Vista operating systems.
Along with the denial, Microsoft condemned Gaffie for publishing security claims without first reporting them to the company, and expressed its dissatisfaction by saying “If he had, we would’ve done the exact same investigation we just completed”.
Microsoft later found that the so-called flaw was actually a part of “ongoing code maintenance”, and had already been tackled in its Windows Server 2003 Service Pack 2.
Windows Media Player is one of the most popular pieces of software, as it is bundled by default with Windows, so it is no wonder that it is a preferred target for cybercriminals. Microsoft is possibly downplaying the security flaw to avoid a manic rush by criminals to exploit it over the extended holiday period. Expect a critical patch on Patch Tuesday, the 6th of January, though.