We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Concern over Windows Media Runtime flaw

Microsoft changes tune; attackers are exploiting bug

One of the 34 bugs Microsoft patched on Tuesday is more serious than it first appeared, the company has revealed.

Two hours after initially reporting in its security bulletin (MS09-051) that it was unaware of attacks exploiting a multimedia flaw in the Windows Media Runtime software, Microsoft revised its assessment. The software giant now says that its initial bulletin was wrong and it has in fact seen "limited attacks trying to use the reported vulnerability".

The flaw lies in the way the Windows Media Runtime software processes certain types of ASF (Advanced Systems Format) files, used by streaming media. Microsoft rates the issue as critical for Windows 2000, XP, Vista and Windows Server users.

It was initially reported to Microsoft by both McAfee and 3Com's TippingPoint unit.

A McAfee spokesman echoed Microsoft's assessment of the bug on Tuesday. "We have not seen any extensive in-the-wild exploitation of this vulnerability," said Joris Evers.

Although the bug had been publicly disclosed, it was not widely known in the security research community.

McAfee's Evers said that one of his company's researchers had stumbled across the bug in a Chinese language bulletin board.

Tuesday's patch release was Microsoft's largest ever, fixing 34 bugs in the company's software, including vulnerabilities in the SMB (Server Message Block) 2 software that Microsoft introduced in Windows Vista and the FTP (File Transfer Protocol) service that ships with some versions of the IIS (Internet Information Services) web server. These two bugs had also been publicly disclosed, although neither is being used in any kind of widespread attack, security experts say.

Administrators should install the Windows Media Runtime patch as soon as possible, because this type of flaw could easily be exploited in a web-based attack, said Andrew Storms, director of security operations with nCircle. "You can embed malicious code in what looks like a normal audio file," he said.

See also:

PC security advice


IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model