Microsoft’s Security Valentines

What do you get Windows users for Valentine’s Day? If you are Microsoft, you come bearing more than a half-dozen security patches.

As part of its traditional “patch Tuesday,” the software giant has released seven fixes for its media player and other Windows applications.

Windows Media Player is the subject of one critical bulletin, while four bulletins, one of them critical, focus on flaws in the Windows operating system. Two Microsoft Office security issues are labeled “important.”

Critical, the highest level of severity for the bulletins, means vulnerabilities can be exploited remotely. A rating of “important” refers to flaws creating denial-of-service or impacting security.

Two Windows Media Player patches were released. The first patch, rated a “critical” fix, warns of the possibility that a malformed bitmap (.bmp) file could permit remote code execution, resulting in complete system takeover.

While critical, the exploit requires “significant user interaction” to work, according to Microsoft.

eEye Digital Security, which alerted Microsoft to the problem in October, called for quick action.

“Unless immediately resolved, this flaw allows attackers to take complete control of an affected system,” according to a statement. Perpetrators could exploit this vulnerability by installing malicious programs, or changing and deleting data.

The other Windows Media Player patch is aimed at users who run the Windows Media Player plugin with non-Microsoft Web browsers, such as Mozilla Firefox, Netscape or Opera.

The vulnerability would allow attackers to take control of a Windows XP or Windows Server 2003 system.

The Windows Media Player flaw is just the latest sign that attacks are targeting consumer applications rather than the Windows operating system.

Recent patches mark a “changing trend” in Windows vulnerabilities, Steve Manzuik, eEye’s security product manager, told More media formats are coming under the watch of malicious hackers, said Manzuik.

This article was first published on To read the full article, click here.

Ed Sutherland
Ed Sutherland is an eSecurity Planet contributor.
