Players loopholes found in Microsoft's best customers to upgrade to higher
[ENet IDG NEWS - A few days ago, security company FrSIRT in Microsoft's Windows Media Player, found a "dangerous" level of security flaws and said that because of the existence of the flaw, could allow a hacker to the Windows Media Player to do Hands and feet, leading to users of Windows Media Player does not support some of file formats.
FrSIRT said the security flaws found in Windows Media Player 9 and Windows Media Player 10 in two versions, the hacker can take advantage of this potential safety problems, on the user's computer undefended attacks and arbitrary "to be attacked users" Computers running unauthorized software, resulting in denial of service attacks.
In addition a security firm eEye Digital in a warning in the report, said the security flaws are caused by buffer overflow, when users play ". Asx" format of the document, it may appear the situation.
". Asx" format of the document usually on the page will be automatically identify players open run, which means that hackers can only be released through the pages on the Internet ". Asx" format of the virus files, and lure users to access this site and realize The user attack. The infected file is usually automatically send an e-mail, mail content is to persuade users to browse the contents of the message the bait.
This security flaws in the original November 22 was found at that time was considered only a denial of service attack case.
Microsoft said, users can re-IE browser settings to prevent the browser ". Asx" the document format for automatic access, and thus avoid being attacked. Besides closing the "active scripting" feature can also reduce the chance of infection, but can not completely rule out the possibility of infection. FrSIRT recommended users upgrade to Windows Media Player 11 version, this version has not been found infected with the report.
Microsoft is still no final conclusion on whether next month's security update released this loophole in the security patches.
In some BBS, security analysts believe that despite the current has not been fully carried out the loopholes in theory, but doubted that security loopholes are "zero-day attacks" loopholes, loopholes found in the same day the attack occurred, so Most users helpless in the face of hacking attacks, there is no alert.
Microsoft's security problems are solved group ushered in a busy week. 2 this week, Microsoft received a warning that "the Word of the discovery on a restricted level of security loopholes" Microsoft said Thursday in the number of released next week for Visual Studio and Windows security patches, but Microsoft did not disclose these Whether the patches for Word or Windows Media Player.
