Microsoft have today released critical security bulletin MS11-015. It covers a vulnerability in reading DVR-MS files that affects all versions of Media Center: MCE2005, Vista (including TV Pack) and Windows 7.

From the article:

Executive Summary

This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.

This security update is rated Critical for affected editions of Windows XP (including Windows XP Media Center Edition 2005); all supported editions of Windows Vista and Windows 7; and Windows Media Center TV Pack for Windows Vista. This security update is also rated Important for all supported editions of Windows Server 2008 R2 for x64-based systems.

The security update addresses the vulnerabilities by modifying the way library files and Windows media files are opened.
