Microsoft Issues Long-Awaited WMP Fix

Three months after promising a fix, Redmond updates its flagship media player to block a well-known spyware infection threat.

Microsoft over the weekend pushed out an update for its flagship Windows Media Player to provide protection from a well-known spyware infection threat.

The update comes more than three months after Microsoft Corp. promised a fix and brings an end to an episode that raised questions about the companys handling of a legitimate security threat to customers.

In a knowledge base article that was updated over the weekend, Microsoft said the new version of WMP would block the redirection of users to rogue Web sites via the DRM (digital rights protection) mechanism.

"In certain situations, certain types of Windows Media Digital Rights Management [WMDRM]-protected content may cause Windows Media Player to redirect a user to a Web page to acquire a license without prior warning," the company said.

"This redirect may occur even if a user has cleared the Acquire licenses automatically for protected content check box on the Privacy tab of the Options dialog box."

This happens because the privacy option setting does not properly prevent WMDRM-protected content from opening a Web page without requesting permission.

Malicious hackers have been taking advantage of the weakness in the DRM download mechanism to redirect users to a Web site that loads a large quantity of adware, spyware, modem dialers and other viruses.

/zimages/2/28571.gifRead more here about hackers using the weakness to install malware on users computers.

The latest WMP update also corrects a memory leak flaw and a denial-of-service bug related to script commands.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.