When we asked Microsoft about a rather nasty Windows media player bug earlier this month, we were told that "this is not a security hole -- it's using a feature of the DRM in a way to get users to download something, but it's not a hole that needs to be patched.". As readers might remember, the exploit used a weakness in the way WMP gets licenses for content to direct users to sites filled with adware and spyware.
eWeek today announced that Microsoft are reversing their position on the bug, and that the company would in fact be releasing an update to fix the problem. Although true that an update will be issued, Microsoft deny that they are reversing their position. Mike Coleman, Lead Product Manager of Windows Client team today said that the company had intended to look into the problem. He also stated that contrary to many reports, the problem was not a security flaw. "After that review, we determined that it made sense to offer an update to consumers that would allow them to have greater default control over license acquisition elements within the Player".
The update will be available within the next 30 days. The patch will allow the end user more control over when and how any pop ups get displayed in the licence acquisition process. Microsoft urges users to only view website and content from trusted sources, and ensure they are patched up to date on Windows Update.
More on the issue