Microsoft issues patch for WMF vulnerability

Microsoft released seven security bulletins as part of its monthly update on Tuesday, including a "critical" patch for a Windows Meta File vulnerability in Internet Explorer.

The Redmond, Washington-based software maker also rated another patch for a vulnerability in Windows Media Player 7.1 as "critical." The five other bulletins were rated "important."

The update for Internet Explorer follows a security advisory the company issued last week after the WMF flaw was discovered. The flaw exists only in IE 5.01 with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, Microsoft said in the security advisory.

Exploiting the vulnerability means that someone could seize control of an affected system. Microsoft also recommended last week that users upgrade to IE6 with Service Pack 1.

Microsoft also patched Windows Media Player 7.1, on Windows 98/98SE/ME/2000, Windows Media Player 8 on Windows XP (up to and including SP1), Windows Media player 9 on Windows 2000/XP SP2/Server 2003, Windows Media Player 10 on 98/98SE/ME/XP (up to and including SP2).

The vulnerability in Windows Media Player has the potential to allow someone remotely take control of a system via a malicious images embedded in the customised versions of Windows Media Player.

"It could be exploited through Microsoft Internet Explorer because users often get media that is hosted on the Web," Microsoft said in a statement. "Microsoft Internet Explorer typically starts the media player automatically to open the media file which could allow attackers to host the malicious (customised file) on a Web page as a method of attack."

Microsoft rates as "critical" any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.

Advertisement

Print feature brought to you by Adobe

Talkback 2 comments

    Microsoft Updates - KB913446 fails Anonymous -- 15/02/06 (in reply to #120129265)

    Yo All,

    Just hit the MS updates site and the one for the TCP vulnerability (KB913446) fails to download. I'd understand a failure to install - hey, the TCP kernel is obviously in use if you're online ... but a failure to download?

    At any rate, the problem seems endemic to any XP user and there's numerous complaints about it in various MS forums ... but no manual download option I could find.

    Guess we'll just have to wait until MS fixes the puppy.

    Just thought I'd post this so others could avoid the grief I've been through trying to rectify the situation.

    Regards,

    patch problem - solution Anonymous -- 15/02/06 (in reply to #120129266)

    The solution is to install it manually from: http://www.microsoft.com/downloads/details.aspx?familyid=7BB21D74-C37B-472B-BB10-71D4680680A7&displaylang=en (Paste the URL into your browser if it appears over more than 1 line.)

Add your opinion

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • David Braue Can not-so-smart meters help the NBN?
    It was interesting to witness Conroy's recent enthusiasm to spruik the NBN's role in supporting the Smart Grid, Smart City initiative. What a pity that Conroy hadn't yet seen the damning report from the Victorian auditor-general about that state's smart-meter roll-out.
  • Array Can the Telco Reform Act be win-win?
    In the second of our two programs looking at the Senate Inquiry into the Telecommunications Legislation Amendment Bill, we hear from shareholders, bureaucrats and industry groups.
  • Array Has New Zealand's smiling assassin delivered?
    One year into its tenure, how has the new New Zealand Government performed on issues of technology and telecommunications?
  • More blogs »

Tags

  1. 488 articles are tagged with 3g
  2. 57 articles are tagged with accenture
  3. 237 articles are tagged with acquisition
  4. 40 articles are tagged with afact
  5. 140 articles are tagged with ato
  6. 1303 articles are tagged with broadband
  7. 60 articles are tagged with cepu
  8. 666 articles are tagged with cio
  9. 251 articles are tagged with conroy
  10. 132 articles are tagged with contract
  11. 45 articles are tagged with david thodey
  12. 514 articles are tagged with dell
  13. 152 articles are tagged with firewall
  14. 129 articles are tagged with fujitsu
  15. 1030 articles are tagged with government
  16. 789 articles are tagged with hp
  17. 1304 articles are tagged with ibm
  18. 221 articles are tagged with iinet
  19. 350 articles are tagged with iphone
  20. 288 articles are tagged with isp
  21. 116 articles are tagged with legislation
  22. 13 articles are tagged with longhaus
  23. 35 articles are tagged with michael malone
  24. 1475 articles are tagged with microsoft
  25. 33 articles are tagged with mike quigley
  26. 50 articles are tagged with minchin
  27. 1125 articles are tagged with mobile
  28. 210 articles are tagged with national broadband network
  29. 386 articles are tagged with nbn
  30. 198 articles are tagged with new zealand
  31. 27 articles are tagged with nick minchin
  32. 929 articles are tagged with open source
  33. 880 articles are tagged with optus
  34. 2650 articles are tagged with security
  35. 53 articles are tagged with senate
  36. 68 articles are tagged with separation
  37. 1292 articles are tagged with software
  38. 9 articles are tagged with sp telemedia
  39. 178 articles are tagged with stephen conroy
  40. 57 articles are tagged with strike
  41. 174 articles are tagged with sydney
  42. 60 articles are tagged with telecom nz
  43. 2431 articles are tagged with telstra
  44. 137 articles are tagged with tender
  45. 31 articles are tagged with tpg
  46. 49 articles are tagged with twitter
  47. 110 articles are tagged with union
  48. 174 articles are tagged with victoria
  49. 201 articles are tagged with video
  50. 88 articles are tagged with windows 7

Back to top

Featured