Softpedia >News >Microsoft >Patches and Vulnerabilities
Softpedia Homepage   

Patch First Windows 7 SP1 RTM Vulnerability - DVR-MS Flaw

Mar 9, 2011 13:06 GMT  ·  By
Windows 7
   Windows 7

Customers already running the recently released Windows 7 Service Pack 1 (SP1) RTM will need to patch their copy of the operating system applying one of the security updates that Microsoft released this week. The patch is included in Microsoft Security Bulletin MS11-015 which is designed to resolve two vulnerabilities, one in DirectShow and one in Windows Media Player and Windows Media Center.

It’s the DVR-MS Vulnerability - CVE-2011-0042 that is considered to be most severe, rated Critical by Microsoft, and also impacting Windows 7 SP1 RTM.

“A remote code execution vulnerability exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted .dvr-ms file,” Microsoft warned.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

However, in order for an exploit to be successful, an attacker needs to first convince users to launch a malformed video Microsoft Digital Video Recording with one of the components of Windows that are impacted by the DVR-MS vulnerability.

Without victims launching a malicious file in either Windows Media Player or Windows Media Center, an attack cannot be successful.

I have included download links for the MS11-015 patch package for Windows 7 SP1 RTM at the bottom of this article.

However, users must be warned of the fact that additional copies of Windows are also affected by the Critical DVR-MS vulnerability, and that they need patching as well.

The security updates have already been released through Windows Update, but they can also be downloaded and installed manually via this link.

Also, early adopters still running Windows 7 SP1 Release Candidate (RC) should know that their copy of the platforms are also impacted by MS11-015 and that they also need to apply the patch.

Security Update for Windows 7 (KB2479943)

Security Update for Windows 7 for x64-based Systems (KB2479943)

Windows 7 Service Pack 1 (SP1) RTM Build 7601.17514.101119-1850 and Windows Server 2008 R2 Service Pack 1 (SP1) RTM are available for download here.