E-Mail:

Wednesday, June 26th, 2002
by Lockergnome

  06.27.2002 PenguinREPORT

I’ve always tried to stay away from hammering the Big Boys in Redmond. But occasionally we need to mention them in a light that’s less than favorable. One of the reasons for doing that is the understanding that, as a newsletter for new Linux users, there are probably quite a few readers who are still using Windows in one task or another. Therefore, good conscience rather than some hatred of Microsoft motivates me to pass along items that may affect your use of that other OS. In other words, to paraphrase Ted Kennedy, there’s no malice intended if I, ” … see things as they [really] are and ask why.”

The latest from Redmond is this little hole in your system if you use the Windows Media Player. If you’ve already clicked and read the link, you’ve already noticed something interesting - the article is from The Register, not Microsoft’s site. In fact, I found nothing about this hole on the MS security index page. It’s possible that I’ve missed Microsoft’s official take on it. If I have, I’d be interesting in seeing it.

Anyway, it appears that if you’re using WMP, it’s possible for those with evil in their hearts to utilize the program to run arbitrary code on your machine. That can’t be good. The Register quotes MS as acknowledging another hole, as well:

“A privilege-elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system.”

Ouch. In other words, instant Administrator access or worse. I won’t pretend to understand all the intricacies of the Windows operating system, but “obtain[ing] the same rights as the operating system” sounds like a potentially bad thing.

What bothers me is that Microsoft appears to have made no public statement via their site. They field calls from the media, apparently, but take no measure to post information on the holes to the most public area possible - the security section of their Web site.

All in all, it seems like a really good reason to use any number of Linux media tools - XMMS, noatun, etc. - and stay away from the big boys.

Tony
Steidler-Dennison       

What Do You Think?

 

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

How-To, Linux - Aug 6, 2008

How To Configure Wireless Internet In Linux

Download, Feedback - Mar 3, 2008

Interesting Links For Linux Users

Open Source - Dec 6, 2007

How to Create a Custom Ubuntu LiveCD

Tip - Nov 27, 2007

Ubuntu Wired Networking Woes? Read This Closely

64 queries / 0.376 seconds.