Home / bulletins MS08-076 – Important: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) - Version:3.0
Posted on 13 January 2009
There is an newer version: MS08-076 - Version: 4.0
ImportantSeverity Rating: Important - Revision Note: V3.0 (January 13, 2009): Added entry to the Frequently Asked Questions (FAQ) Related to This Security Update section explaining that Microsoft has re-released the update packages for Windows Media Format Runtime 9.5 on Windows XP Service Pack 2 (KB952069) and on Windows XP Service Pack 3 (KB952069). Customers running all other supported and affected versions of Windows Media components who have already applied the original security update packages do not need to take any further action. Also, listed Windows Media Player 6.4 and Windows Media Services 4.1 as affected on all editions of Microsoft Windows 2000 Service Pack 4; customers who were offered but have not applied this update, KB954600 for Windows Media Player 6.4, or KB952068 for Windows Media Services 4.1, need to do so.Summary: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other versions
- MS08-076 - Version: 1.0
- MS08-076 - Version: 2.0
- MS08-076 - Version: 3.0
- MS08-076 - Version: 3.1
- MS08-076 - Version: 4.0
- MS08-076 - Version: 5.0
- MS08-076 - Version: 4.0
- MS08-076 - Version: 4.0
