Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Seven critical Windows patches next Tuesday, including to Media Player

By Scott M. Fulton, III, BetaNews

August 8, 2008, 6:53 PM

Microsoft's regular pre-briefing on monthly security issues contained some dire news, including patches for a reportedly "Critical" vulnerability affecting Windows Media Player for XP, Vista, and Windows Server 2008.

The dynamics of this problem, in keeping with Microsoft's current policy, are not being revealed until at least next Tuesday, though the company did acknowledge its existence late yesterday. If the company is implementing its so-called MAPP policy, announced earlier this week, then it's possible that some select partners who produce security software may know the details.

That's important in this case in particular, because exploits that involve media players typically don't focus on them exclusively. Last September, a complex exploit involving Apple's QuickTime relied on Mozilla Firefox as a triggering mechanism. Security software vendors may conceivably be called upon to instigate measures that protect users from similar triggering mechanisms that may be out of Microsoft's control.

The Media Player patches constitute three of seven that the company plans to deploy in its regular batch this Tuesday, which also include one "Critical" patch for Internet Explorer and one for Office -- though version numbers have not yet been disclosed. Five other planned patches were rated "Important," which Microsoft classifies as possibly leading to a loss of system integrity or a compromise of user data, as opposed to the placement of a worm or virus.

Add a Comment (54 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By Program86

posted Aug 11, 2008 - 4:57 PM

meh...

Score: 0

By PC_Tool

posted Aug 11, 2008 - 5:18 PM

insightful as always., Why do you even bother?

At least you left out the incoherent vulgarity this time.

Score: 0

By elopez17

posted Aug 11, 2008 - 1:36 PM

Dear cescam66, dvferret

Why?

Do you see a forum for other language in this page

So!

This is for everyone, if you are not familiar with other language do not blame the author.

It is polite to write in dual language but if you do not know it. Like thartist did.

Score: 0

By cescam66

posted Aug 11, 2008 - 10:52 PM

well sir i speak english and spanish because hey... my parents are hispanics but you've got to remember that this website is in english and almost everyone that visits it speak english

Score: 0

By lutz_ret25@hotmail.com

edited Aug 10, 2008 - 3:53 AM

Yo hace mucho, mucho tiempo que estoy con Uds. Empecé con una cuenta que se llamaba lutz362 o algo asi pero en aquel entonces hace ahora unos 13 años no habian los adelantos que ahora ni las velocidades y no sabia muy bien como "operaba" pero el caso es que perdi esa cuenta y me supo muy mal ya que en ella hice muy buenos amigos.
BUENO EL CASO ES QUE AHORA QUIERO DESHACERME DE UNA CUENTA ECHA hace unos dias y no se como hacerlo. Ademas de estar actualizado de la mejor manera en net.messenger y las actualizaciones que mas me interesen.
Me gustaria que me ayudaran en lo que pudieran y yo se lo agradeceria con la preseverancia y fidelidad quehe mostrado hasta ahora.
Atte:/ Miquel Moncunill

Score: 0

By PC_Tool

posted Aug 11, 2008 - 9:25 AM

...

A moose once bit my sister.

Score: 0

By thartist

posted Aug 10, 2008 - 5:57 PM

a mi me pasó lo mismo con una cuenta, quiero borrarla pero no se puede. bastante mala las opciones de administracion de cuentas.

the same happened to me with an account, which i want to delete but can't be done. quite bad account administration options.

Score: 0

By cescam66

posted Aug 10, 2008 - 8:37 PM

dude speak english!!! ingles porfavor!!!!

Score: 0

By dvferret

posted Aug 11, 2008 - 9:09 AM

Agreed! ENGLISH!!!!!

Score: 0

By thartist

posted Aug 11, 2008 - 11:53 PM

IT'S BEEN POSTED BILINGUAL AND YOU COMPLAIN??!!!
WHAT ELSE DO YOU WANT??!!!

0_O !!!

Score: 0

By robmanic44

posted Aug 9, 2008 - 8:57 PM

I wipe the hard drives and do a clean install every 6 months. It consumes some time, but I find it's still the best way to get rid of accumulated crud on my drives and it definitely speeds up my system.

Vista will install on drives that aren't wiped, but it certainly is easier on clean drives.

Score: 0

By Hollywood__

posted Aug 11, 2008 - 12:34 PM

With XP, you have to do a wipe every six months. I was doing the same thing as every computer I owned turned to sludge after only a couple months.

I'm going on almost two years with my Vista notebook and no viruses or trojans have ever been detected. I also haven't noticed any speed loss or lagging on startup since I bought it?

I have no virus protection other that Windows Defender, which is built in to Vista.

Vista really sucks doesn't it? These XP fanboys just don't get it, I'm glad they all stick with XP and have nothing but virus problems and slow performance a month after doing a clean install as XP has no way to keep anything from installing itself on your system and changing registry keys and personal settings.

Score: 0

By Tenoq

posted Aug 12, 2008 - 1:24 AM

Hmm... I've already done a couple of re-installs/re-images of Vista, and I've only had it since April this year. I was running the same XP install for 18 months prior to that.

So... which leg are you still standing on? Vista works for some, particularly those that don't push it, but others seem to have no end of trouble. I can admit it's come a long way with SP1, but it's still not a replacement for XP stability-wise. Nonetheless, I'd recommend it to average Joe, for the simple fact it's harder for them to completely break with spyware (albeit harder to fix when they do...).

Score: 0

By PC_Tool

posted Aug 12, 2008 - 9:33 AM

Wow.

Your anecdotal evidence trumps his? Really?

Vista works for some, particularly those that don't push it, but others seem to have no end of trouble.

This *may* have been true prior to SP1.

Vista SP1 performs as well or better on hardware built for Vista than XP on the same hardware. Look up AMD's "Spider" platform. Yes, it's *new* hardware, but then again, the upgrade SKU is a joke anyway.. MSFT screwed that one up.

Nonetheless, I'd recommend it to average Joe, for the simple fact it's harder for them to completely break with spyware (albeit harder to fix when they do...).

How is it "harder to fix"? Defender works, Ad-aware works, even many of the free utilities work just fine in Vista.

Score: 0

By Banquo

posted Aug 9, 2008 - 6:56 PM

Yawn, and Linux and it's associated programs will have patches out too. Those don't make the news though, not troll-baity enough I guess.

If you think you have an OS that doesn't need regular security updates you're living in Imagination Land.

Score: 0

By Tenoq

posted Aug 12, 2008 - 1:25 AM

They don't usually need a reboot though, and update all your programs at once, not just Windows and Office. ;)

Score: 0

By SGD

posted Aug 10, 2008 - 2:18 PM

This will go unnoticed that MS is being past by patches.

http://www.pcworld.com/b...t_in_patch_reports.html

Score: 0

By ingram091

posted Aug 9, 2008 - 6:49 AM

Humm for candy please..

Candy being total uninstall of IE, total uninstall of mediaplayer, total uninstall of MSN messenger.

Use instead, VLC media player, Firefox, and Yahoo or other 3rd party IM tool. bingo. vulnerabilities lessened by 2/3rds right there.

2/3s cause you still have the fact that your using windows, and thats that. Just about any OS connected to the internet is going to be vulnerable in some way. With all the stuff Windows does online that you may or may not want it to do, that percentage increases with each version, as more back doors pop up that can become vulnerabilities. The unneeded ones mentioned is the bulk of them, but there are others that are known security policy nightmares at times.

So yea, I hacked and slashed at XP pro back in the day and got rid of IE and Media player and MSN messenger. haven't bothered trying in Vista. My understanding such modification could cripple the pre SP1 version cause it thinks your taking out what VISTA needs to function. so I never tried. But the XP machine I did the hack and slash uninstall to actually stayed very secure for a long time with just Yahoo messenger, Firefox, and VLC. Very few critical updates ever seemed to get pushed to me on that machine when everyone else was getting a ton of em.

Go figure..

Score: 0

By morriscox

posted Aug 12, 2008 - 4:11 PM

I use Yahoo Messenger, but I would never consider it secure. Cleartext protocols are just a bad idea. And back doors *are* vulnerabilities, by definition. Did you mean background services instead?

Score: 0

By terminalx

edited Aug 9, 2008 - 1:53 PM

Yeah, only problem is none of those are any more secure they IE, WMP or messenger...maybe vlc because its not used outside the tech circle...(meaning betanews/slashdot/fark users etcetc)

Firefox has many vulnerabilities, LOL at Yahoo! Yeah, their stuff is so much more secure...they released updates on their messenger in a row because of a missed security exploit.

The main reason those apps are more secure as they are not standard on the OS, all of the following are gaining in share and we are seeing more and more vulnerabilities in Firefox, hell it just went to 3.0 a few months ago and then a week or two later went to 3.0.1.

Secure by obscurity is not a way to enhance your system...

Score: 0

By preinterpost

posted Aug 12, 2008 - 9:01 AM

Indeed.

It's frustrating how much repetition it takes to bang it into those guys heads that it is (a) in the interest of hackers to attack the most widely distributed components and (b) vulnerabilities of mainstream applications are more likely to be discovered and published by the 'good' side.

Your average smart-ass will of course make the wrong conclusion and claim his fringe product is more magically secure because fewer issues have been documented and fixed. Sigh....

Score: 0

By artfuldodga

posted Aug 8, 2008 - 9:57 PM

Microsoft needs to keep working on its Media Player 11, or release 12... no updates ever to that software!

Score: 0

By PC_Tool

posted Aug 8, 2008 - 11:47 PM

*laughs*

Yeah.

Version 11.

Obviously, they *never* update it...

Do you realize how humorous your comment is now? Might want to change the "ever" to "fast enough for my liking". ;)

Score: 0

By mdotwills

posted Aug 9, 2008 - 3:49 AM

Personally, I prefer version 10. Version 11 has a nice library though, I wish they would just get things right for once.

Details on version 12 anyone?

Score: 0

By Banquo

posted Aug 9, 2008 - 6:58 PM

I use version 10 on XP because 11 was clearly designed for Vista. It looks horrible on XP, and as far as I know there's no reason to use 11 over 10 anyway. I don't really use the library thing or the music services though.

Score: 0

By mjm01010101

posted Aug 9, 2008 - 8:38 AM

Version 12 is just a shortcut to itunes if it is already installed.

Score: 0

By dvferret

posted Aug 11, 2008 - 9:12 AM

You gatta be kidding. itunes sucks.

Score: 0

By terminalx

posted Aug 9, 2008 - 9:09 AM

Version 11 looks nothing like Itunes - it looks like WMP but with a cleaner look is all, personally I prefer it and the enhanced media sharing makes it a lot better then 10.

Score: 0

By mjm01010101

posted Aug 9, 2008 - 9:54 AM

My point is Microsoft should give up, they aren't going to win this one.

Score: 0

By dvferret

posted Aug 11, 2008 - 9:13 AM

Your right. Apple already won the award for the bloated full of crap "media player".

Score: 0

By swattz101

posted Aug 11, 2008 - 11:26 AM

I thought the Real Media Player won that hands down some time ago.

Score: 0

By siryak

posted Aug 10, 2008 - 4:50 PM

lol...iTunes is the biggest bloated piece of crap software I have on my computer and I have a lot of stuff. MS has already won that battle.

Score: 0

By Banquo

posted Aug 9, 2008 - 7:00 PM

Win what?

Score: 0

By elangb

posted Aug 9, 2008 - 11:17 AM

WMP for my taste is much better than itunes. If you ignore the face that it's Microsoft's, it's quite good.

Score: 0

By mjm01010101

posted Aug 9, 2008 - 12:20 PM

I don't mind it either. I hate itunes. I don't ignore the reality of the market though.

Score: 0

By preinterpost

posted Aug 11, 2008 - 10:12 AM

Why would anyone without an iPod/Phone even think about installing iTunes? A PC media player is an entirely different market.

Score: 0

By artfuldodga

posted Aug 9, 2008 - 12:09 AM

You know what I meant :] but yeah, exactly what you said

Score: 0

By PC_Tool

posted Aug 11, 2008 - 1:30 PM

Hey, I tried to be nice about it. :p

Score: 0

By Ryusennin

posted Aug 8, 2008 - 8:33 PM

Seven patches released. Twenty thousands to go.

It's good to know that Microsoft is in charge.

Score: 0

By dekoquonut_live

edited Aug 8, 2008 - 9:58 PM

Yes, no other software on the planet has ever had a bug or been patched.

MS is the cause of all pain and sadness in the world.

Score: 0

By bousozoku

posted Aug 8, 2008 - 11:34 PM

Sarcasm aside, it's still annoying, especially when it's the same bug being patched because they didn't do a proper job of it the first 13 times.

Score: 0

By dvferret

posted Aug 11, 2008 - 9:15 AM

Aww because it takes sooooo much effort to download a simple little patch.

Score: 0

By morriscox

posted Aug 12, 2008 - 5:08 PM

When that "simple little patch" can mess things up for you, than it's not really simple or little.

Score: 0

By PC_Tool

edited Aug 8, 2008 - 11:46 PM

because they didn't do a proper job of it the first 13 times.

*yawn*

Name a single patch MSFT released that didn't fix the problem win question.

Okay, so perhaps they caused *other* problems.

Sure.

Name one modern OS that hasn't broken functionality through patching.

Bingo.

Sure, it's annoying. Software, *all* software is imperfect, vulnerable, hackable, and no software will ever please everyone.

You don't like Vista? Great. Who cares. But don't try to pretend or imply that MSFT is the only company who's ever had to fix functionality broken by a patch. It's absurd and you know it.

Mac OSX has problems, *nix OSes have problems, they *all* have problems...and yet, somehow, they all work well enough for the people that use them and enjoy using them.

Score: 0

By thartist

posted Aug 11, 2008 - 11:58 PM

hummm... (in meditation) "Nothing in this realm is perfect, son" (you hear a voice coming from the skies)

it's PC_Tool's will of enlightment covering the world with a warm touch...

you feel your body weighs nothing

Score: 0

By cescam66

posted Aug 8, 2008 - 10:29 PM

how come? i thought that the president bush IS the cause of all pain and sadness in the world

Score: 0

By timbevil

posted Aug 8, 2008 - 7:45 PM

Well, I haven't seen a Vista patch or update in quite some time. I had to disable automactic updates because when updates are applied to ready my computer for Vista SP1, my computer is unable to connect to the internet through my networking. My friend has the same problem, yet this issue seems to be kept under the radar. Microsoft's suggested fix was ridiculous as well.

Score: 0

By preinterpost

posted Aug 11, 2008 - 12:39 PM

Maybe you and your friend should start buying legit versions of the software you use from official channels instead of downloading virus and backdoor infected hacks with eDonkey and then wonder why your systems are hosed with the same factors... ;-)

Score: 0

By siryak

posted Aug 10, 2008 - 4:53 PM

"I had to disable automactic updates because when updates are applied to ready my computer for Vista SP1, my computer is unable to connect to the internet through my networking."

Sounds more like you are getting a bad driver for your network card to me. That one is not MS's fault.

Score: 0

By artfuldodga

posted Aug 9, 2008 - 12:10 AM

Try a fresh install, you've probably botched something along the way...

Score: 0

By PC_Tool

posted Aug 8, 2008 - 11:40 PM

...and yet everyone else seems to have been capable of getting Vista SP1 working.

Perhaps...and this is just an idea, you should try again?

Score: 0

By dvferret

posted Aug 11, 2008 - 9:15 AM

lol sounds good to me.

Score: 0

By swattz101

posted Aug 11, 2008 - 11:36 AM

But...but...but I'm a user who knows what I am doing. It can't be a corupt file or something on my computer or a bad driver that needs to be updated. It must be Microsoft's fault. They are evil incarnate. Everything has to be their fault...or maybe its Googles fault. Yeah, that's it. Googles fault.

Score: 0

By PC_Tool

posted Aug 11, 2008 - 11:42 AM

Nah...

Still pretty sure it's mine. ;)

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue