Seven critical Windows patches next Tuesday, including to Media Player
Microsoft's regular pre-briefing on monthly security issues contained some dire news, including patches for a reportedly "Critical" vulnerability affecting Windows Media Player for XP, Vista, and Windows Server 2008.
The dynamics of this problem, in keeping with Microsoft's current policy, are not being revealed until at least next Tuesday, though the company did acknowledge its existence late yesterday. If the company is implementing its so-called MAPP policy, announced earlier this week, then it's possible that some select partners who produce security software may know the details.
That's important in this case in particular, because exploits that involve media players typically don't focus on them exclusively. Last September, a complex exploit involving Apple's QuickTime relied on Mozilla Firefox as a triggering mechanism. Security software vendors may conceivably be called upon to instigate measures that protect users from similar triggering mechanisms that may be out of Microsoft's control.
The Media Player patches constitute three of seven that the company plans to deploy in its regular batch this Tuesday, which also include one "Critical" patch for Internet Explorer and one for Office -- though version numbers have not yet been disclosed. Five other planned patches were rated "Important," which Microsoft classifies as possibly leading to a loss of system integrity or a compromise of user data, as opposed to the placement of a worm or virus.