Windows downloads insecure Windows Media Player 7.1?

Status
Not open for further replies.

dbMark

Programmer
Apr 10, 2003
1,515
US
I just upgraded the Windows Media Player on my Windows Millennium computer from version 7.0 to 7.1 directly from Microsoft's website. I was, as always, fully up-to-date on all critical Windows updates beforehand, but afterwards I was stunned to see that I now had 3 critical vulnerabilities, and some 5.5MB of additional downloads were required to patch me up. They were 817787, Q320920 and KB828026. My only conclusion is that the fixes installed a while back got undone with the new WMP.

Doesn't Microsoft know that they are providing vulnerable software downloads such as this WMP? Or don't they care? Maybe they need a disclaimer popup window after each download to remind the user to go to WindowsUpdate to verify whether their new download created or recreated critical vulnerabilities. What if I hadn't run WindowsUpdate for a few days, weeks or months? I would have been vulnerable all that time! These are not new fixes, they've been out for quite some time, so it's not like they haven't had time to fix it.

Come to think of it, there hasn't been an update to the flagship OS, the Windows XP install CD, for more than a year, meaning a whole lot of new computers with some 15-20 critical vulnerabilities each are being sold every day, so I guess this is "par for the course".

Downloaders beware, recheck WindowsUpdate after every download!
 
Most vendors are shipping with SP1 and automatic updates set to default, so most people are getting the updates without having to actually go download them. Automatic Updates are great for people (the majority) who don't want to or lack the knowledge to run Windows Update regularly. SP2 is due out next year (April-ish according to the latest news I've seen) and will include the latest patches. People who don't have automatic updates enabled and don't do it manually, are usually subject to something major (blaster, et al) and have the computer worked on. A good tech shop will enable updates and patch the system to current update levels.

Why did you upgrade to 7.1? The latest on Windows Update is 9.0 (though the spywareish features have kept me away from it). 8 is somewhat more current and less resource-tracking.

 
Microsoft's website offered only 2 Windows WMP downloads, WMP 7.1 for Windows 98 and WMP 9 was recommended for everything newer. WMP 8 was not even listed. Since I really am not familiar with the digital rights management issues, I wanted to stay away from them for now.

I guess I was just venting a little upon finding that a Microsoft download reintroduced vulnerabilities without any warning or alert.
 