Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theatre
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
Subscribe to this blog
If WMP doesn't locate a license to play copy-protected files on your PC, the program will go online to obtain usage licenses from a valid Windows Media Digital Rights Management server. That process has let some adware purveyors push spyware and adware onto users' PCs, especially those on peer-to-peer file-sharing networks like Kazaa. Crackers could employ the same mechanism to install viruses or other attack programs.
You can see a few workarounds here. At press time, Microsoft said that it is updating WMP to stop adware and hack attacks. An updated version of the app is available from Microsoft's site now.
You might run afoul of WMP's Digital Rights Management in a different way--by changing your PC's hardware configuration. If you then attempt to play a copy-protected file, Windows' DRM system may sense, by mistake, that you're trying to pirate copies of licensed content onto another PC and refuse to play the files. The easiest fix is to change everything back. The other workaround is complex and involves deleting the licenses you paid for. So back up your licenses before you reconfigure hardware or change settings. Details on Microsoft's workarounds are available here.
Plug More Holes
Microsoft fixed a hole in Windows Help that could let a bad guy control your machine if you click a malicious link on a Web page or in an HTML-based e-mail. You don't have to use the Windows Help system to be attacked, either.
The vulnerability affects Windows 98 through XP Service Pack 2. However, Outlook Express 6 and Outlook 2002 and 2003 users are protected. To be safe, download the fix.
Microsoft patched another vulnerability that's almost as dangerous as the Help issue, except that XP SP2 will protect you. The hole is in the part of Windows 98 through XP SP1 that displays cursors, bitmap images, and icons. For example, an attack program could appear as an animated cursor. The instant you click, a cracker could take over your PC. You're protected from e-mail attacks if you have the versions of OE and Outlook listed above. But you're still vulnerable to a Web-based attack, so download the patch.
Qualcomm patched several security holes in Eudora and has released a new version. Security firm Secunia rates these holes as highly critical. All versions of Eudora (6.2.0 and earlier) are vulnerable. Download version 6.2.1.
As we went to press, Microsoft released its monthly collection of security updates. This monster set of 12 patches fixes 16 weaknesses in Windows, Internet Explorer, Microsoft Office, and other programs. Get links to the patches and security bulletins for the slew of Windows and IE updates, and get the Office updates. And you can also read PC World's news story.
Found A hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.
Stuart J. Johnston is a contributing editor for PC World.
