Microsoft Security Bulletin MS06-078 “Vulnerability in Windows Media Format (923689)”

Vulnerability in Windows Media Format (923689)

Issued on: 12/12/2006

Microsoft says it is:    Critical   

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64 Edition, Windows Media Player 6.4

Affected Software Service Packs: Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows XP 64-Bit Gold, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows Server 2003 x64 Gold, Windows Media Player 6.4 Gold

Details:
This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Microsoft recommends that customers apply the update immediately.

For more information visit MS06-078