Microsoft Agrees to Patch Media Player
UPDATED Microsoft has seemingly taken an about-face in a decision it made just last week not to change the way Windows Media Player handles files that are encoded to download digital rights management (DRM) licenses.
Security-minded sleuths revealed last week that WMP could mislead users into actually downloading malware or viruses instead of a license to playback DRM content.
Despite Microsoft's initial claims of immunity, the vulnerability is likely to bypass safeguards that were introduced by Windows XP Service Pack 2. According to eWeek, Microsoft has pledged to release a patch that addresses the behavior within the next 30 days.
For its part, Microsoft says it has not changed its position since day one. "Microsoft stated several weeks ago that they were looking into the issue and while it is an unintended use of WM DRM, it is not a security hole," a company spokesperson told BetaNews.
Instead, Microsoft says it will offer the patch to simply provide users greater control over Windows Media Player.
"After further review, Microsoft determined that it made sense to offer an update to consumers that would allow them to have greater default control over license acquisition elements within the Player," the spokesperson said.