Microsoft: 'DRM hole? It's not a flaw, but patch it'

'We said we wouldn't but we're going to now...'

Last week, Microsoft declared Windows Media Player's method of handling DRM licences wasn't a security flaw, and said they wouldn't be issuing a patch. This week, the Redmond giant seems to have changed its mind.

Antivirus company Panda Software warned last week that hackers are using the player's DRM tool to fool people into downloading spyware and viruses.

However, Microsoft said at the time that the issue was not a flaw because it relied on social engineering, rather than automatic infection, to get users to download malware. Two Trojans are already in the wild designed to exploit the mechanism, which affects both Windows Media Player 10 and XP SP2.

Microsoft is sticking to its guns and maintaining that the fact that an anti-piracy feature can be exploited does not a security flaw make - but Redmond is saying it will patch the programs anyway.

A Microsoft spokeswoman said: "Microsoft stated several weeks ago that we were looking into the issue and that this problem was not a security flaw. That position has not changed."

"After further review, we determined that it made sense to offer an update to consumers that would allow them to have greater default control over licence acquisition elements within the Player... Microsoft will release an update in the next 30 days," she added.

ZDNet's Dan Ilett contributed to this report

Comments

There are 3 comments.

  1. anonymous

    "This week, the Redmond giant has changed its mind."

    Weird, I had the impression that they had not changed their minds?

    "Microsoft stated several weeks ago that they were looking into the issue and that this problem was not a security flaw. That position has not changed."

    • 20 January 2005 23:08
  2. Craig

    This is the second time that Microsoft have said a flaw isn't important because there is no automatic infection and it relies on social engineering or someone performing a specific action (the other being the drag-and-drop thing in IE). How much engineering does it take to persuade the average teenage male to do something on a web page or email?

    *** CLICK HERE FOR [insert latest popular celeb] NUDE!!! ***

    Click!

    • 21 January 2005 10:55
  3. anonymous

    I tried it for the first time a week ago. My experience was not exactly good. I spent half an hour downloading an album (via broadband), then tried creating a CD, only to find that technically I had to source a 'licence' from Microsoft to play it. The CD of course had no labelling or artwork. The music could be transferred to my non-internet laptop, but not played because of the licences. Simultaneously I ordered the album from Amazon, which arrived within 36 hours. The album was 30% cheaper than the download and would play on my laptop and the files could be copied to it if I wished.

    DRM and the ensuing rip offs are not helping the uptake and the whole ethos of the overcharging music industry do themselves no favours. I won't be downloading music again.

    • 21 January 2005 11:19
