Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Order books and more at Amazon.com

Order Windows 2000 Secrets from Amazon.com

BugBlog Bug of the Month

Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Sometimes, the bug will be the one which could potentially cause the most damage; sometimes it will be the bug which affects the most users. And sometimes, it will be the bug that is just the most interesting bug. This bug will be selected either from the free Bug of the Day, or from the subscription-only BugBlog Plus.

The BugBlog Bug of the Month actually comes in two parts, both affecting portions of Microsoft Windows Media Player. Theyappeared on February 14, with the first portion appearing in the free Bug of the Day, and the second one in the BugBlog Plus:

The plug-in version of Microsoft Windows Media Player, which is designed to work within a web browser, appears to open up a serious security hole when it is used with non-Microsoft browsers from Mozilla and Netscape. If you are using the browser, and come upon a maliciously designed webpage that has content set up to play in Windows Media Player, and that content has a very long embed src tag, the attacker may be able to overwrite memory and run their code on your computer. Get the update from Microsoft at
http://www.microsoft.com/technet/security/bulletin/MS06-006.mspx. As a workaround, you can make sure that Windows Media Player is not the default plug-in for media files that you may run across. Microsoft credits iDefense for finding this bug. Note that the plug-in doesn't cause problems for the Opera browser, nor from Microsoft Internet Explorer. (Does this mean if Microsoft can't beat you in the market, they will destroy you from within? Nah, couldn't be.)

Microsoft has a security update for most of the recent versions of Windows Media Player running on Windows 2000, XP and Server 2003. A remote attacker may be able to construct a malicious bitmap (.bmp) file that, if viewed on a website or email message, may allow the attacker to take complete control of your system. See the full listing of vulnerable versions, and links to patches, at http://www.microsoft.com/technet/security/Bulletin/MS06-005.mspx. Microsoft credits Marc Maiffret of eEye for finding this bug.

Why these bugs? Well, they pass the Critical test -- they can allow a remote attacker to take control of your computer. They are also widespread -- given the market share of Windows XP, any problem with one of its components is going to cause some concern. Plus, truth be told, there wasn't a lot of competition in February. But a win is still a win -- so chalk up another Bug of the Month for Microsoft.

Previous Bugs of the Month

Feb 2006: Apple QuickTime

Jan 2006: Microsoft WMF Bug

Dec 2005: Sony's Secret DRM Scheme Leaves Users Exposed

November 2005: Four Separate Bugs Leave Windows Open to Takeover

October 2005: Acrobat Screws Up MS Word

September 2005: Apple Security Update Breaks 64-bit Apps

August 2005: Cisco IOS Vulnerable to IPv6 bug

July 2005: RealNetworks Fixes Four Bugs in Their Media Player

June 2005: Flawed Rollout for Netscape 8

May 2005: TCP/IP Fix for Windows

April 2005: Denial of Service against Symantec Norton AntiVirus

March 2005: IDN Spoofing Bug

February 2005: Windows Animated Cursor Bug

January 2005: Windows Firewall Problems with Dial-up connections

The Bug of the Month is also posted at Blogcritics.org