X

Microsoft fixes potential antipiracy hole

Japanese programmers spotlight flaw in Redmond's antipiracy protections, but the company moves to block the hack.

John Borland Staff Writer, CNET News.com
John Borland
covers the intersection of digital entertainment and broadband.
See full bio
John Borland
3 min read
Microsoft said Tuesday that Japanese hackers had discovered a potential weakness in its copy protection technology but that the software company fixed the flaw before it was widely used.

The Redmond, Wash., giant on Tuesday introduced an update to its Windows Media Player, which included changes aimed at blocking the Japanese hackers' work, as well as a security update.

"No DRM is perfect. This is another example of somebody finding a way around the technology that we didn't think about."
--David Caulton
Manager, Windows Media

The copy protection changes mark the first time in nearly four years that Microsoft's digital rights management (DRM) protections have been publicly broken, even if largely in theory. As in an earlier case, the company says it was able to update its software before the flaws advanced much beyond the theoretical stage.

"No DRM is perfect," said David Caulton, group product manager in the Windows Media division. "This is another example of somebody finding a way around the technology that we didn't think about. We hear about it, and we effectively get a fix out to users before there's a widely distributed tool for removing digital rights management from files."

The update comes as renewed evidence that hackers and other independent programmers are scrutinizing Microsoft's Windows Media Player, as well as the Internet Explorer browser, for flaws or programming loopholes. Microsoft has released repeated security fixes for its Web-browsing software over the past year, as new risks for surfers continue to appear.

The Japanese hack emerged several weeks ago, when programmers on a public online bulletin board were found to be discussing ways to strip the copy protection off Windows Media files. The actual software that purportedly performed the trick was taken offline after a Japanese magazine wrote about the hack, but Microsoft said the company was able to identify the potential flaw.

The new update also addresses a problem exposed a month ago, in which the Media Player and its digital rights management software could be used to show ads--or even to lure unsuspecting Web surfers into downloading harmful software onto their hard drives, security researchers said.

The process exploited a feature of the Media Player content protection, which allows protected files to pop up a Web page with information about a video or song license. In such a case, that page could be loaded with automatic spyware download mechanisms, Spanish security company Panda Software said.

The new update to the Media Player software contains a setting that allows consumers to request that they be notified any time their computer is going onto the Internet to obtain a content license. By default, this option will be turned off, but computer users can turn it on, Caulton said.

With the associated security issues, however, once the computer does launch the online license acquisition process, a Web page could still be popped up--even with the update in place. That risk is shared by anyone surfing online, Caulton said, but it could be virtually eliminated by using the latest spyware blockers and Windows operating-system updates, which block automatic downloads of software.

The new Windows Media Player is available now on Microsoft's site and may be distributed to consumers through the company's automatic software update function in the future.