Experts warn of Media Player vulnerability

By

Specially crafted Media Player .asx file could be used to gain control.

Experts warn of Media Player vulnerability
A newly discovered security vulnerability in Windows Media Player has prompted security firms to warn users to remain extra vigilant and alter the way they handle a certain type of file.

According to a Microsoft security advisory, an attacker could use a specially crafted Media Player .asx file to gain control of a user's system and remotely execute malware. 

The file could be placed in an HTML file, causing it to be automatically launched by the user's web browser.

Microsoft has confirmed the vulnerability and said that it is investigating the issue.

Secunia has given the vulnerability a rating of 'highly critical', the security firm's second highest alert level. 

Originally disclosed on 22 November, and thought to cause only a denial-of-service attack, security research firm EEye now believes that exploit code could be written for the vulnerability. 

EEye suggests that users can mitigate the threat by changing the default application to load .asx files. 

WatchGuard security analyst Corey Nachreiner, however, believes that users should not panic over the vulnerability. 

In a posting to WatchGuard's newswire feed entitled 'Unpatched Windows Media Player vulnerability announced; world fails to end,' Nachreiner downplays the immediate urgency of the flaw.

"While I do not doubt EEye's findings, there is a big difference between a flaw assumed to allow code execution and one confirmed to allow code execution, " he said.

Nachreiner pointed out that the Media Player vulnerability does not pose as serious a threat to users as the currently unpatched and active Word exploit.

The analyst still recommends users to follow EEye's steps to mitigate the effect of the vulnerability.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
expertsmediaofplayersecurityvulnerabilitywarn

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?