Microsoft coughs to faulty WMV patch

Microsoft's latest Patch Tuesday updates, released last week, fixed a security hole in a Windows Media DLL - but in doing so broke third-party software.

Microsoft has admitted that yet another Windows Update, released to users last week, comes with a flaw resulting in selected video editing applications throwing a wobbler.

The MS13-057 patch, released as part of the company's monthly Patch Tuesday cycle, was rated as Critical by the company because it addresses a security flaw in a Windows Media dynamic link library (DLL) shipped with Windows Media Format Runtime and Windows Media Player 11 and 12 - in other words, everything from Windows XP Service Pack 3 right through to Windows 8 and Windows RT.

Unpatched, the vulnerability allowed attackers to run arbitrary code on a system under the credentials of the logged-in user by sharing a specially-crafted and malicious Windows Media Player-compatible file. Once opened, the payload would be executed without user interaction.

It's a flaw Microsoft has been keen to patch as quickly as possible: with a Critical rating on all supported versions of Windows, bar those running on Intel's Itanium platform and Windows Server 2008 and 2012 installations made using the Server Core option, the vulnerability was leaving plenty of customers open to exploitation. Sadly, in its rush to get the patch out, it appears that Microsoft has skipped a bit of critical testing.

As a result, the patch is now awaiting a patch that will address compatibility with third-party programs designed to edit or play Windows Media Video-format files. According to Microsoft's updated bulletin, affected third-party packages include Camtasia Studio, Adobe Premiere Pro, Serif MoviePlus and YouTube Movie Maker, with other software thought to suffer from similar issues when WMV files are in play.

The company has promised to investigate the issue and 'take appropriate action to help protect our customers[, which] may include providing mitigations and workarounds or re-releasing this security update.' For now, though, the only known workaround is to use non-WMV formats when editing video files.

The flawed update is the latest in an unfortunate string of gaffes from the company: last month's patch pile included a bug which broke the System File Checker Tool, and April's caused machines to crash on reboot. Thus far, Microsoft has not provided a timescale for releasing a bug-fixed version of the update.


mi1ez 17th July 2013, 12:01 Quote
Carbonific 17th July 2013, 12:14 Quote
This faulty patch also managed to break all the videos in Rome: Total War. I thought it was a one-off thing until I started reading others had encountered the same thing all within a very short time span.
John_T 17th July 2013, 14:19 Quote
My VLC went mental last week for no apparent reason. Uninstalled it, reinstalled it, spent ages trying to figure out what went wrong - it's still temperamental and doesn't want to start half the time (or takes, literally, ten minutes to get going).

Now I know why...
ArthurB 17th July 2013, 21:09 Quote
Originally Posted by John_T
My VLC went mental last week for no apparent reason.
VLC has its own codecs though. Surely it wouldn't be affected?
DriftCarl 17th July 2013, 22:16 Quote
Why does it affect full installs of Server 2008 and 2012? What use are media player functions in server versions other than presenting media via RDS, and what company would even do that?
John_T 18th July 2013, 00:04 Quote
Originally Posted by ArthurB

VLC has its own codecs though. Surely it wouldn't be affected?

Seems a hell of a coincidence if it's not related...
siliconfanatic 18th July 2013, 00:09 Quote
Is it just me or are these faulty updates occurring more and more frequently? Ever since the "black-hole update", another faulty update occurs every other week or so.