Critical Bug In Legacy Windows Media Players

[Mobo]

Proof-of-concept code that exploits a critical [Only Registered and Activated Users Can See Links. Click Here To Register...] in [Only Registered and Activated Users Can See Links. Click Here To Register...] Media Player has gone public, Microsoft Corp. warned users late Thursday.
A [Only Registered and Activated Users Can See Links. Click Here To Register...] in Media Player 9 and 10 can be used by attackers to grab control of a PC, security researchers warned. A malicious .asx-formatted playlist, if opened by an unsuspecting user, could completely compromise the machine.
"We're aware of proof-of-concept code published publicly affecting Windows Media ASX [Only Registered and Activated Users Can See Links. Click Here To Register...] [Only Registered and Activated Users Can See Links. Click Here To Register...] [and] we are currently investigating," wrote Alexandra Huft, a security program manager with the Microsoft Security Response Center, on the[Only Registered and Activated Users Can See Links. Click Here To Register...]. "We are not currently aware of attempts to [Only Registered and Activated Users Can See Links. Click Here To Register...] this vulnerability," she added.
Because .asx playlists open automatically within a browser, hackers would only need to coax users to a malicious [Only Registered and Activated Users Can See Links. Click Here To Register...] to snatch their systems. Microsoft has offered no workarounds or other tactical advice.
The Media Player vulnerability was first reported Nov. 22 byeEye Digital Security, which originally listed it as only a denial-of-service risk. Other security vendors, including[Only Registered and Activated Users Can See Links. Click Here To Register...] and FrSIRT, posted warnings Thursday.
FrSIRT, which labeled the vulnerability as "critical," advised Windows XP users to upgrade to[Only Registered and Activated Users Can See Links. Click Here To Register...], disable the .asx format, or[Only Registered and Activated Users Can See Links. Click Here To Register...] so that playlists don't automatically open within Internet Explorer. Microsoft plans to release six security updates Tuesday, Dec. 12, five of which will involve Windows. In its usual[Only Registered and Activated Users Can See Links. Click Here To Register...], however, the Redmond, Wash. developer did not say whether the Media Player bug would be fixed this month.

[Indiansfan]

Thanks Charlie for the heads up.