Re: which security hotfixs to implemet ?

[Caeser Augustus <caeser.augustus () gmail com>]

The only way that I think is not going to even copy any WMP files to
installation is if I expressly specify that in the answer file.
However, looking at the wmpocm.inf file (the installer information)
here's what I find:
---------------------------------------
[HideWMP]
Commandline=%11%\setup\wmpocm.exe /HideWMP
TickCount=500

[WMPOCM_Uninstall]
DelFiles=DelNone
Run=HideWMP
-------------------------------------------
Rings a bell huh?
Looks like it will just hide the player but not delete anything.

Even if I think of modifying the installation source and installing, I
think I may end up with crippled Mutimedia subsystem. The security
update on the website for WMP is for scripting problems. I dunno but
if someone were to uninstall [hide ;)] the WMP and tried opening an
MP3, would it open? If it does then that update is necessay, if it
does not ........... well I think I will anyways suggest updating it.
Just in case.

But back to the original question, yes I think Juan would wanna update
the hotfix. Even thoug no user is expected to run it over there, I can
see it most likely that a multimedia enabled page on the webserver may
invoke the WMP scripting routines.

Waiting for comments..

On Thu, 25 Nov 2004 11:48:12 +0530, Prasanna M
<prasannam () catsglobal co in> wrote:
> My first reaction was also to ask why unnecessary software/services were
> present, but then I checked and now I am not sure if there is a clean way to
> remove the "basic" media player(v6.4)? I checked out the services,windows
> components,add/remove progs. The only place that was left was to delete the
> files and remove from registry?
> Do let me know if there is another way to get this done.
>
> Prasanna
>
> -----Original Message-----
> From: Craig Woodward
> To: security-basics () securityfocus com
> Sent: 11/25/2004 12:59 AM
> Subject: Re: which security hotfixs to implemet ?
>
> At the risk of sounding petulant, why keep Media player installed if
> there's
> no intention of using it?
> Quite a few of the exploits detail whether they are exploitable if the
> application is present, even if not in use.  It would be best to read
> the
> details for each update to see if they apply to you.
>
> Craig
>
> ----- Original Message -----
> From: "Juan B" <juanbabi () yahoo com>
> To: <security-basics () securityfocus com>
> Sent: Tuesday, November 23, 2004 6:16 AM
> Subject: which security hotfixs to implemet ?
>
> > Hi,
> > I ran microsoft baseline security against our IIS web
> > servers.
> > the output ( for example) on some servers was that
> > there are some critical updates related to windows
> > media player which I need to implement ,my question
> > is: Do I really need to implement fixes to
> > applications that I dont use ( but still are installed
> > on the server) on those servers (like windwos media
> > player that we dont use on our web servers? ).
> >
> > thanks !
> >
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Meet the all-new My Yahoo! - Try it today!
> > http://my.yahoo.com