Slashdot Mirror
Microsoft Discloses Security Flaws in XP and WMPlayer
An anonymous reader writes: "Salon is running a story on Microsoft's disclosure of a number of security flaws in WinXP and Windows Media Player, versions 6.4 and 7.1. The story also states that there are 2 critical vulnerabilities in Commerce Server 2000. Will I ever get the bang for my MS buck?"
After seeing holes in OpenBSD and Apache recently, I guess it's Microsoft's turn again. ;)
From http://www.microsoft.com/technet/treeview/default
Never confuse volume with power.
Since no one else has answered:
The bug is really only a technical one. In practice, it's really like that "Perrun" hoax virus, in that it requires a huge amount of setup and complete access to the system in order to gain... well, to gain complete access to the system, which an attack would already need in order to use this bug maliciously. Basically, Windows Media Player can remotely open up the system if the attacker has found a way to get a malicious executable file into IE's cache and then convinces their victim to go to a maliciously constructed website that they've setup. When the victim goes to the maliciously constructed website, Windows Media Player could then give out information that could be used to get into the system through the IE cache.
The problem lies in the specific executable file that has to be placed into the cache. In order to get the executable file into the cache, the attacker would have to have full access to the machine or trick the user into accepting it and running it. But if they could get the user to do that, they would have full control of the system anyway, just like they would if the victim was running any OS other than Windows.
So really, it's just a small, stupid bug that's being blown out of proportion. It can't do anything other than redundantly take over a computer after it has already been taken over in a different way.
GreyWolf3000 wrote:
> Why on earth would there be a bug in Media player
> that allows uncontrolled access to the system.
> What we have here folks is a very good example of
> what a horribly designed OS Windows is...
XP isn't Palladium (yet), but it is a/the DRM OS. Microsoft's Media player is like a trap door that leads down to the core of the system. In the center of the OS, behind that trapdoor, sits a huge spider called DRM. Every file loaded, whether a document or media file, an application, or a driver, has to pass DRM's inspection. DRM checks to see that those documents and media files are legally licensed, and those drivers and applications are approved by Microsoft (don't want any of that cancerous GNU goop around). Anything that smells even slightly fishy to DRM gets pounced on and eaten. Anything that passes muster, gets passed on to the OS and applications for use.
In unix-speak, that DRM spider would be the god of root, able to tell even root what they can and cannot do. If you try to work around DRM and do what you want with the idiot box you paid for, DRM calls on his old bud DMCA, and DMCA sends the nice folks from the FBI to cart you and your PC off to separate jail cells.
Since everything the media player plays goes through DRM, it is easy to see how a media player bug could affect the whole system. And since DRM is relatively new, it will have bugs itself. And since DRM is potentially updated everytime you download a song (check your XP EULA), the potential for disaster is high. Yes it is horrible design. Then again, DRM is a horrible concept.
That's the price one pays for doing business with a company that treats their customers like potential criminals. The ironic thing is that Microsoft is the one convicted of breaking the law.
What happens when you embrace and extend Godzilla? Nuclear heartburn!
See "Godzilla 2000" (released in Japan as "Godzilla 2000 Millenium") for details.