Two weeks ago Microsoft issued a security bulletin regarding at least eight vulnerabilities affecting all versions of the Windows operating system. The company urged Windows users to pay special attention to MS12-004, a “critical” bulletin that provides fixes for two serious flaws in the way Windows 7 Media Player handles certain media files.
Well, since then hackers have found new Media Player security flaws and are exploiting this issue to plant malware on unpatched computers. The in-the-wild attacks are launched through web sites rigged with booby-trapped Windows media files. The vulnerability occurs when the Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, which allows remote attackers to execute arbitrary code.
So what happens? The end result is a malicious Trojan with rootkit capabilities infecting the computer. The attack happens silently in the background and all the user sees is a blank WMP application playing a file. So with the Trojan in place, the attack on the computer can begin.
With a specially crafted MIDI file, the successful attacker could gain remote code execution against a target running the ubiquitous Windows Media Player.
The second critical vulnerability in Media Player occurs when filters in DirectShow do not properly handle media files. The filter is supposed to keep out certain code, preventing it from executing, but it doesn’t do that. DirectShow is a part of Microsoft DirectX, a Windows feature used for streaming media on Windows operating systems to enable graphics and sound when playing games or watching video.
Since the media player keeps working, users do not notice anything wrong until the virus or rootkit launches. Even then, they may not know or suspect where the problem originated, or what is launching the virus.
Microsoft advises that installing the update patch for the original vulnerability is necessary. However, they will have to make another patch quickly.