more on the media player patch....
i keep finding extra stuff about this vulnerability, and hopefully this isn't boring anyone to tears (well, it's bound to bore some). <g3>
anyway, on the previously linked site....
Microsoft Security Bulletin MS01-029
Windows Media Player .ASX Processor Contains Unchecked Buffer
microsoft.com
... you might want to take a closer look at the technical details hyperlink. upon expanding it, about four paragraphs down you'll find this:
*********************************
"In addition, this patch provides a solution to a potential privacy vulnerability that was recently identified. This issue could be exploited by a malicious set of web sites to distinguish a user. While this issue would not by itself enable a web site to identify the user, it could enable the correlation of user information to potentially build a composite description of the user. .Users can protect themselves by installing the above patch or upgrading to Windows Media Player 7.1, then changing the appropriate settings in their player as outlined below to prevent sets of websites from potentially profiling using Windows Media Player.
In Windows Media Player 6.4, the privacy setting is selected via a new option, which can be reached by going to the menu item View / Options then selecting the player tab and de-selecting “Allow Internet sites to uniquely identify your player”.
In Windows Media Player 7.1, the privacy setting is toggled via the existing option under the tools menu, on the player tab and deselect the option “Allow Internet sites to uniquely identify your player”.
*********************************
fwiw, i downloaded and installed the patch, then made the above options de-selection. i haven't been running the pc long enough to know if there are any side effects. plus i've installed about three upgrade/patch-type programs tonight, so even if something did start acting up, i might be hard pressed to identify the offending program.
:)
mark |
