Media Player 10 targeted for DRM licensing vulnerability


GristyMcFisty used our news submit to tell us about a story he saw over at PC Pro that
states; last week Panda Software found a couple new trojans that take
advantage of the Windows licensing scheme. Called Downloader-A and -B that were
posing cleverly as WMV files. These bits of code will trigger the Windows Media
Players wonderful license searching module. Then comes the nasty part, rather than locating a legitimate tunes license so that you can listen to it, the rascal instead loads a plethora of spyware, adware, diallers and other malicious programs. Schweet.

Microsoft admits that the problem exists, but says "To be clear, this function is not a security vulnerability in Windows Media Player or DRM. This Trojan utilizes a function of the Windows Media DRM designed to enable license delivery scenarios as part of a social engineering attack. It does not automatically force the user to run the malicious software."Be that as it may. It still means that users may unwittingly find themselves running malicious code loaded via Media Player 10. Therefore Microsoft says it will offer an update that would offer "greater default control over license acquisition elements within the Player". The update will be released within the next 30 days. The company has not disclosed whether or not it will be included in its regular security bulletins.

To be clear, does it really make any difference? Just hurry up with the patch! In the meantime, be careful with what you are downloading if it requires a license to play. Or do what I do and don't bother with DRM materials and stick with good old Ogg, MP3 or Lame. I find it very annoying when I am re-directed for a license and need to click on a dialog box to get the ok from someone in order to listen to a lossy track.

Source: PC Pro

No posts to display