===================================================================== CERT-Renater Note d'Information No. 2008/VULN343 _____________________________________________________________________ DATE : 10/09/2008 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Windows Media Player. ====================================================================== KB954154 http://www.microsoft.com/technet/security/Bulletin/ms08-054.mspx ______________________________________________________________________ Microsoft Security Bulletin MS08-054 Critical Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) Published: September 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported and affected editions of Windows Media Player 11. Recommendation. Microsoft recommends that customers apply the update immediately. Affected Software Windows XP Service Pack 2 and Windows XP Service Pack 3 Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 Windows Vista and Windows Vista Service Pack 1 Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 Windows Server 2008 for 32-bit Systems* Windows Server 2008 for x64-based Systems* *Windows Server 2008 server core installation not affected. Vulnerability Information Windows Media Player Sampling Rate Vulnerability - CVE-2008-2253 A remote code execution vulnerability exists in Windows Media Player 11. An attacker could exploit the vulnerability by constructing a specially crafted audio file that could allow remote code execution when streamed from a Windows Media server using Windows Media Player 11. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Workarounds for Windows Media Player Sampling Rate Vulnerability - CVE-2008-2253 Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality: Unregister wmpeffects.dll To unregister this DLL, run the following command from an elevated command prompt: For 32-bit Windows-based systems: Regsvr32.exe u %WINDIR%\system32\wmpeffects.dll For 64-bit Windows-based systems: Regsvr32.exe u %WINDIR%\syswow64\wmpeffects.dll Impact of workaround: Visualizations will fail to display in the Now Playing view of Windows Media Player. How to undo the workaround: Run the following command from an elevated command prompt: For 32-bit Windows-based systems: Regsvr32.exe %WINDIR%\system32\wmpeffects.dll For 64-bit Windows-based systems: Regsvr32.exe %WINDIR%\syswow64\wmpeffects.dll ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================