ITS ADVISORY NUMBER:
Vulnerabilities in Microsoft Windows Media Could Allow Remote Code Execution (MS12-004)
Two vulnerabilities have been identified in Microsoft Windows Media. One has been identified in the Microsoft Windows Media Player application and another in DirectShow, both of which could allow remote code execution. Windows Media Player is a media library application that is used for playing audio, video, and viewing images. DirectShow is used for streaming media on Windows operating systems. It is a part of DirectX, which is a set of low level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows 7
- Windows Server 2008
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: High
The first remote code execution vulnerability exists in the way that the Windows Media Player multimedia library (winmm.dll) handles a specially crafted MIDI file (.mid). The second remote code execution vulnerability is caused by the improper handling of specially crafted media files in DirectShow.
An attacker could take advantage of either of these vulnerabilities if a user visits a specially crafted website or opens a specially crafted file. Successful exploitation of either of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend the following actions be taken:
- Apply the appropriate patch provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Remind users not to open e-mail attachments from unknown or un-trusted sources.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Cyber Security Home
- Incident Reporting
- Breach Notification
- Cyber Advisories
- NYS Digital Forensics
- Cyber Tips Newsletter
- Keeping Kids Safe Online
- Local Government
- Policies and Resources
- NY-ISAC Secure Portal