To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39127210,00.htm

Microsoft: 'DRM hole? It's not a flaw, but patch it'
'We said we wouldn't but we're going to now...'

By Jo Best

Published: Thursday 20 January 2005

Last week, Microsoft declared Windows Media Player's method of handling DRM licences wasn't a security flaw, and said they wouldn't be issuing a patch. This week, the Redmond giant seems to have changed its mind.

Antivirus company Panda Software warned last week that hackers are using the player's DRM tool to fool people into downloading spyware and viruses.

However, Microsoft said at the time that the issue was not a flaw because it relied on social engineering, rather than automatic infection, to get users to download malware. Two Trojans are already in the wild designed to exploit the mechanism, which affects both Windows Media Player 10 and XP SP2.

Microsoft is sticking to guns and maintaining that the fact that an anti-piracy feature can be exploited does not a security flaw make - but Redmond is saying it will patch the programs anyway.

A Microsoft spokeswoman said: "Microsoft stated several weeks ago that we were looking into the issue and that this problem was not a security flaw. That position has not changed."

"After further review, we determined that it made sense to offer an update to consumers that would allow them to have greater default control over licence acquisition elements within the Player... Microsoft will release an update in the next 30 days," she added.

ZDNet's Dan Ilett contributed to this report