We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,693 News Articles

Angry Microsoft admits Media Player code crasher

But refutes Windows Media Player vulnerability

Microsoft is denying that an alleged vulnerability affecting its Windows Media Player software, identified by a security researcher on Christmas Eve, is a security risk for PC users.

On a company blog Monday, Microsoft said the claims posted on SecurityFocus's Bugtraq site on December 24 that a bug in Windows Media Player 9, 10 or 11 on Windows XP or Vista allowed remote code execution are "false."

"We've found no possibility for code execution in this issue," according to a Microsoft Security Response Center blog entry.

Microsoft acknowledged that the code posted on Bugtraq does crash Windows Media Player, Microsoft's software for playing music and video files, but the application can be restarted "right away" and doesn't affect the rest of the system.

Microsoft also in the blog entry criticizes the security researcher, identified as Laurent Gaffié on the Bugtraq post, for not reporting the vulnerability to the company when it was first found so the claim could be dismissed earlier.

"If he had, we would've done the exact same investigation we just completed," according to the blog entry. "When we were done, we would have let them know what we found, asked him if he thinks we might have missed something, continued the investigation if there was more information and ultimately closed the case if we didn't find a vulnerability. This is how we handle all of the cases we investigate with responsible researchers every year."

Microsoft said it began investigating the report of the vulnerability as soon as it was posted late Christmas Eve, and that researchers worked over the holiday period to look into the situation.

Microsoft ultimately discovered that the so-called vulnerability was part of "ongoing code maintenance" and that it's already been addressed in Windows Server 2003 Service Pack 2. Microsoft plans to address the problem in future versions of its software.


IDG UK Sites

Samsung Galaxy Alpha vs iPhone 5S comparison review: Metal smartphones fight

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Fonts review

IDG UK Sites

Best Mac? Complete Apple Mac buyers guide for 2014