Attack code out for latest Microsoft flaw

Two exploits appear only days after Microsoft issued a patch for a "critical" Windows Media Player flaw.

Two examples of computer code that exploit a flaw in Windows Media Player have become available only days after Microsoft released a patch to fix the bug.

The "proof-of-concept" exploits that take advantage of a flaw in the media player were posted on the Web over the past couple of days. The flaw, rated "critical" by Microsoft, could enable an attacker to seize control of a vulnerable computer system.

The appearance of proof-of concept code is usually a sign that actual attacks are not far off. Microsoft, when it released its patch Tuesday, urged users to upgrade their systems as soon as possible.

Microsoft recently issued patch MS06-005 as part of its monthly security update. The vulnerability in Windows Media Player can compromise a system through malicious images embedded in the player.

Versions of Windows Media Player affected by the bug include 7.1 through 10. The vulnerability was also tagged as "critical" by the French Security Incident Response Team, or FrSIRT, a research outfit that published one of the two exploits.

Microsoft announced the release of seven fixes on Tuesday, including a "critical" patch for a Windows Meta File vulnerability in Internet Explorer. It exists only in IE 5.01 with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, Microsoft said in the security advisory.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with Amazon Dash buttons

Limits on choice mean new shopping gadget won't click for everyone. Bridget Carey explains how the buttons work, and the rule changes for sharing your Prime perks with others.

by Bridget Carey