Zero Day Exploit Found in Windows Media Player
filenavigator writes "Another zero day flaw has been reported in Windows Media Player. It comes only one day after a serious zero day flaw was found in Word. The flaw is dangerous because it involves IE and Outlook's ability to automatically launch .asx files. No fix from Microsoft has been announced yet."
Finding holes in a MS product.... (Score:5, Insightful)
It's not an exploit ... (Score:4, Insightful)
If it's not dangerous... (Score:3, Insightful)
zero-day exploit (Score:3, Insightful)
Re:How is this dangerous? (Score:1, Insightful)
4 bytes IS ENOUGH (Score:1, Insightful)
GG Misleading Post (Score:5, Insightful)
Doesn't affect my Vista machine. Nor my XP Pro machine running IE7 + WMP 11.
Seeing things like this, I can't help but wonder what it might look like if every time a flaw was discovered in *Nix, and a security advisory (even if barely remotely applicable, as in this case) were released, and slashdotted. Maybe this post is flamebait too (seems to be my trend as of late), maybe not. But the title of this particular post is pretty misleading.
0 day flaw! Congratulations. It's software. I still play games that if they run for more than 2 hours I'm lucky. The real problem is the testing, and the coding that goes into these. You fix one thing, and something else inevitably breaks.
How often does a kernel update in Linux break something that you now have to update, or sometimes roll back altogether because they won't work?
This post is as overdramatic as going nuts every single time something in Linux broke or didn't work right. Sometimes MS deserves to be thumped on the head. This time though, seriously, come on. Tell you what, run your 4 byte program that is gonna hax0r my computer. I invite it, might give me something to do.
Re:WMP11 Has Serious Exploit (Score:2, Insightful)
Any bright minds out there that willingly use these things lost control of all of their personal media.
http://www.microsoft.com/windows/windowsmedia/pla
http://www.theinquirer.net/default.aspx?article=3
I certainly hope you aren't running either Vista or WMP11.
Re:How is this dangerous? (Score:4, Insightful)
Um, what quick and dirty shortcuts? MS uses the same protection model every other x86 OS I know of uses. Kernel runs in CPL 0, user processes in CPL 3. Drivers run mostly in CPL 0. In fact, with MS starting to try to push drivers to CPL 3, they're starting to get better than Linux AFAIK. (I think there are some userspace drivers for Linux, but very few. MS is trying to make that the standard for most types of drivers I think.)
MS's bugs come from a combination of a few things. One is what seems to be a prevalence of buffer overruns. Second is running in administrator mode by default (note that this is an entirely different animal than what privilege level code executes in), and what seem to be an abnormally large number of other misc design errors.
But the memory model is solid.
With NX protection it should be impossible
If you think NX protection makes buffer overrun attacks impossible.. you're living in a dream world. I categorize the types of buffer overrun attacks I know into three types, and NX only solves one of them.
Slight difference (Score:5, Insightful)
The vast majority of Windows users do not run Vista, IE7, or WMP11, even though all are technically available.
So this particular flaw affects most Windows users, and is thus important to those that have to deal with these users and/or their computers.
Just In Time For Vista Marketing (Score:2, Insightful)
Re:Another 0-day? (Score:3, Insightful)
Re:WMP11 EULA Time Bomb (Score:3, Insightful)
1. Maintain their monopoly
2. Fool the government into thinking they don't have a monopoly
3. Enforce Microsoft lock-in to existing customers
4. Spreading FUD about Linux and Open Software in general
5. Band-aiding the constant stream of security flaws in their older products
6. Inventing more and more byzantine and fragile DRM schemes that are still hacked before they are even released
7. Making new software people actually want to use
As you can see, making good software gets trumped by everything else. As far as I'm concerned, they could have stopped with Windows 2000 and stuck to releasing new hardware support, bug fixes and security patches, and we would all be a lot better off.
Can you imagine how lean, mean, secure and smooth a "Windows 2000 Service Pack 11" would have been in 2006?
It would be everything Microsoft spent 5 years failing to deliver with Vista.