Researchers reckon a security bug in Windows Media Player creates a means for hackers to inject hostile code onto vulnerable systems. However Microsoft has denied this, saying that the bug only creates a means to crash the software without posing a more damaging security risk. The WMP integer overflow bug reportedly kicks in …
"Fully patched Windows XP systems running either Windows Media Player 9 and 11 are each potentially vulnerable...."
How come WMP10 isn't affected, but the versions of media player before it and after it are?
Does this mean that I should downgrade to WMP10 to eliminate the risk?
and the truth is.....
Whilst I am no great fan of Microsoft - OSX rules for me - I have seen too many cases of "security alerts" threatening us with a plague of locusts, or the death of every first-born in the nation, or at least a visit from the four horsemen of the apocalypse.
I am, therefore, minded to accept Microsoft's "downplaying" of this as being a more realistic assessment.
With all of the adverse publicity associated with ANY security threat - extant or hypothetical - I cannot see MS indulging in such a blatant porkie which would obviously be found out very quickly.
Not even Mr Ballmer.
Speaking of whom, is it just me who wonders whether he is the long-lost (or disowned) brother of Uncle Fester from the Adams Family? The resemblance is too great to be co-incidental.
...wasn't tested by the ISC reader which is where the 9 and 11 information comes from. The Security Tracker post says it was tested on 9, 10 and 11, and described as "11 and prior versions". So no, downgrading won't eliminate the risk. Besides, the only risk is your player crashing.
...I thought WMP *was* a security flaw.
Has Microsoft ever written *anything* that did not pose a security risk?
Surely it can't be long before we start hearing of the dangers of Notepad and Solitaire!
You can't blame M$ for downplaying the risk, so long as they release a patch. If it's not really a security flaw, then they're nipping unnecessary panic in the bud. If it is, then they've bought themselves some more time to work on a fix - unless this gets used, it doesn't matter if it's a security flaw.
And for the record, I run Linux and watch videos with Xine.