Three months after promising to update its flagship Windows Media Player software to block a well-known spyware infection vector, Microsoft has still not provided security for the majority of its users.
The software giants inability to ship a timely update for users of its Windows Media 9 Series has triggered new questions about Microsoft Corp.s handling of a legitimate security threat to consumers.
Back in January, when security researchers discovered that malicious hackers were distributing rigged ".wmv" files to trick users into downloading malicious software programs, Microsoft originally brushed aside the warnings and insisted the attack vector did not exploit a vulnerability in the software.
One week later, the company did an about-face and promised updates within 30 days to modify the way the media player handled the download of copyright-protected media files.
On Feb. 15, Microsoft pushed out two WMP updates which, according to officials, covered the malware infection scenario.
Even the language in Microsofts update pointed to the addition of "integrity checks to the DRM system."
However, during subsequent tests, researchers quickly discovered that a fix for users of WMP9 was not available.
Microsoft would later acknowledge that the WMP9 fix was not yet available, and another promise was made to have the protections back-ported.
"When this issue first cropped up, we mapped out a plan to address it for our users. This plan entailed updating Windows Media Player 10 first," Microsoft program manager Marcus Matthias said at the time.
"[We are] currently working on an update for Windows Media Player 9 Series…We will let you know as soon as this update is available."
Six weeks later, the WMP9 fix is not yet available and no one at Microsoft can explain the delay.