Microsoft to boost Media Player security

Microsoft says it will patch versions of Windows Media Player to prevent users from inadvertently downloading viruses, adware, and spyware when opening copy-protected media files. The update will be available within 30 days, the company says.

Meanwhile Microsoft is urging users of Windows Media Player versions 9 and 10 to be cautious when opening Windows Media Audio files downloaded from peer-to-peer file sharing services.

The problem, first reported by PC World, stems from the way Windows Media Player 9 and 10 automatically acquire licensing information for copy-protected content, a technology known as digital rights management, or DRM. Microsoft's DRM technology acts as an antipiracy measure, ensuring that copy-protected digital files aren't mass-distributed over peer-to-peer networks.

The company also suggests that users change some system settings until the updates to Windows Media Player 9 and 10 become available.

Security experts confirm that hackers and distributors of adware are using a loophole in Microsoft's DRM license acquisition process to display advertising, to initiate the download of adware to PCs, and to distribute viruses.

"People should always use caution when downloading any file off the Internet," says David Caulton, group product manager for Microsoft's Windows Digital Media Division. "We are giving our customers more control over their choices when it comes to accessing the Internet for DRM information."

Potential for serious damage

Currently there is no way to keep Windows Media Player from automatically attempting to connect to the Internet when you try to play specially crafted Windows Media files. The updates to Media Player 9 and 10, expected within a month, will allow users to prevent such Internet access when media files are played.

Given the popularity of P-to-P networks where these infected media files are proliferating, "this could easily become an epidemic very quickly," says Patrick Hinojosa, chief technology officer for Panda Software.

Antivirus utility provider Panda Software reported earlier this month that it had detected two new Trojan horse programs in video files circulating on peer-to-peer networks. The company estimates that "tens of thousands" of PCs have already been infected by Trj/WmvDownloader.A and Trj/WmvDownloader.B, which sneak onto systems via the Media Player and attempt to install malicious programs and viruses.

Loophole described

The problem starts when a user tries to play a DRM-protected file. Normally, when you download a protected Windows Media file, you also receive a license that permits playback. If Windows Media Player can't find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.

That DRM feature automatically triggers an Internet Explorer browser session. Under normal circumstances, the browser page that opens should walk the user through a license acquisition process.

Since the license dialog box acts just like an Internet Explorer window, it can display whatever HTML code is on the page that the file points to -- whether it's a legitimate request for license information or a script that launches ads.

PC World found that some Windows Media files on peer-to-peer networks such as Kazaa contain ad-spawning code. The affected files are indistinguishable from files containing songs or short videos in Windows Media format, but when played they launch ads instead of media clips. When we ran the files, we noted over a half dozen pop-ups, several attempts to download adware onto our test PC, and an attempt to hijack our browser's home page.

Tom Spring

PC World