Microsoft to boost Media Player security

Microsoft says it will patch versions of Windows Media Player to prevent users from inadvertently downloading viruses, adware, and spyware when opening copy-protected media files. The update will be available within 30 days, the company says.

Meanwhile Microsoft is urging users of Windows Media Player versions 9 and 10 to be cautious when opening Windows Media Audio files downloaded from peer-to-peer file sharing services.

The problem, first reported by PC World, stems from the way Windows Media Player 9 and 10 automatically acquire licensing information for copy-protected content, a technology known as digital rights management, or DRM. Microsoft's DRM technology acts as an antipiracy measure, ensuring that copy-protected digital files aren't mass-distributed over peer-to-peer networks.

The company also suggests that users change some system settings until the updates to Windows Media Player 9 and 10 become available.

Security experts confirm that hackers and distributors of adware are using a loophole in Microsoft's DRM license acquisition process to display advertising, to initiate the download of adware to PCs, and to distribute viruses.

"People should always use caution when downloading any file off the Internet," says David Caulton, group product manager for Microsoft's Windows Digital Media Division. "We are giving our customers more control over their choices when it comes to accessing the Internet for DRM information."

Potential for serious damage

Currently there is no way to keep Windows Media Player from automatically attempting to connect to the Internet when you try to play specially crafted Windows Media files. The updates to Media Player 9 and 10, expected within a month, will allow users to prevent such Internet access when media files are played.

Given the popularity of P-to-P networks where these infected media files are proliferating, "this could easily become an epidemic very quickly," says Patrick Hinojosa, chief technology officer for Panda Software.

Antivirus utility provider Panda Software reported earlier this month that it had detected two new Trojan horse programs in video files circulating on peer-to-peer networks. The company estimates that "tens of thousands" of PCs have already been infected by Trj/WmvDownloader.A and Trj/WmvDownloader.B, which sneak onto systems via the Media Player and attempt to install malicious programs and viruses.

Loophole described

The problem starts when a user tries to play a DRM-protected file. Normally, when you download a protected Windows Media file, you also receive a license that permits playback. If Windows Media Player can't find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.

That DRM feature automatically triggers an Internet Explorer browser session. Under normal circumstances, the browser page that opens should walk the user through a license acquisition process.

Since the license dialog box acts just like an Internet Explorer window, it can display whatever HTML coding is on the page that the file points to -- whether it's a legitimate request for license information or a script that launches ads.

PC World found that some Windows Media files on peer-to-peer networks such as Kazaa contain ad-spawning code. The affected files are indistinguishable from files containing songs or short videos in Windows Media format, but when played they launch ads instead of media clips. When we ran the files, we noted over a half dozen pop-ups, several attempts to download adware onto our test PC, and an attempt to hijack our browser's home page.
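For defenders triaging media files before playback, the license URL a file points to can be read from its header without opening it in a player. The following is an added example, not code from the article or from Microsoft: it assumes the public ASF container layout (header object GUIDs and the Content Encryption Object's four length-prefixed fields), covers only that one object type, and uses a constructed sample file and a hypothetical allowlist host.

```python
import struct
import uuid
from urllib.parse import urlparse

# GUIDs and field layout follow the public ASF specification (assumed here;
# the article itself does not describe the file format).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E")

def _objects(buf, pos):
    """Yield (guid, payload) per ASF object: 16-byte GUID, 8-byte LE size."""
    while pos + 24 <= len(buf):
        (size,) = struct.unpack_from("<Q", buf, pos + 16)
        if size < 24 or pos + size > len(buf):  # malformed size: stop parsing
            return
        yield uuid.UUID(bytes_le=buf[pos:pos + 16]), buf[pos + 24:pos + size]
        pos += size

def license_urls(data):
    """Return license-acquisition URLs declared in an ASF (WMA/WMV) header."""
    top = next(_objects(data, 0), None)
    if top is None or top[0] != ASF_HEADER:
        return []
    urls = []
    for guid, payload in _objects(top[1], 6):  # skip object count + 2 reserved
        if guid != CONTENT_ENCRYPTION:
            continue
        try:  # four length-prefixed fields; the license URL is the last
            off = 0
            for _ in range(4):
                (n,) = struct.unpack_from("<I", payload, off)
                field, off = payload[off + 4:off + 4 + n], off + 4 + n
            urls.append(field.rstrip(b"\0").decode("ascii", "replace"))
        except struct.error:
            pass  # truncated object: nothing trustworthy to report
    return urls

def untrusted(urls, allowed_hosts):
    """Keep URLs whose host is not on the reviewer's allowlist."""
    return [u for u in urls if (urlparse(u).hostname or "") not in allowed_hosts]

def sample_file(url):
    """Constructed minimal ASF header carrying one license URL (test input)."""
    fields = [b"\0" * 4, b"DRM\0", b"constructed-kid\0", url.encode() + b"\0"]
    payload = b"".join(struct.pack("<I", len(f)) + f for f in fields)
    obj = CONTENT_ENCRYPTION.bytes_le + struct.pack("<Q", 24 + len(payload)) + payload
    body = struct.pack("<IBB", 1, 1, 2) + obj
    return ASF_HEADER.bytes_le + struct.pack("<Q", 24 + len(body)) + body
```

Pass the raw bytes of a downloaded file to `license_urls` and review anything `untrusted` returns before the file is opened in a player.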


Tom Spring

PC World