Security Basics mailing list archives
Re: which security hotfixs to implemet ?
From: Caeser Augustus <caeser.augustus () gmail com>
Date: Fri, 26 Nov 2004 10:03:34 +0530
The only way that I think is not going to even copy any WMP files to installation is if I expressly specify that in the answer file. However, looking at the wmpocm.inf file (the installer information) here's what I find: --------------------------------------- [HideWMP] Commandline=%11%\setup\wmpocm.exe /HideWMP TickCount=500 [WMPOCM_Uninstall] DelFiles=DelNone Run=HideWMP ------------------------------------------- Rings a bell huh? Looks like it will just hide the player but not delete anything. Even if I think of modifying the installation source and installing, I think I may end up with crippled Mutimedia subsystem. The security update on the website for WMP is for scripting problems. I dunno but if someone were to uninstall [hide ;)] the WMP and tried opening an MP3, would it open? If it does then that update is necessay, if it does not ........... well I think I will anyways suggest updating it. Just in case. But back to the original question, yes I think Juan would wanna update the hotfix. Even thoug no user is expected to run it over there, I can see it most likely that a multimedia enabled page on the webserver may invoke the WMP scripting routines. Waiting for comments.. On Thu, 25 Nov 2004 11:48:12 +0530, Prasanna M <prasannam () catsglobal co in> wrote:
My first reaction was also to ask why unnecessary software/services were present, but then I checked and now I am not sure if there is a clean way to remove the "basic" media player(v6.4)? I checked out the services,windows components,add/remove progs. The only place that was left was to delete the files and remove from registry? Do let me know if there is another way to get this done. Prasanna -----Original Message----- From: Craig Woodward To: security-basics () securityfocus com Sent: 11/25/2004 12:59 AM Subject: Re: which security hotfixs to implemet ? At the risk of sounding petulant, why keep Media player installed if there's no intention of using it? Quite a few of the exploits detail whether they are exploitable if the application is present, even if not in use. It would be best to read the details for each update to see if they apply to you. Craig ----- Original Message ----- From: "Juan B" <juanbabi () yahoo com> To: <security-basics () securityfocus com> Sent: Tuesday, November 23, 2004 6:16 AM Subject: which security hotfixs to implemet ?Hi, I ran microsoft baseline security against our IIS web servers. the output ( for example) on some servers was that there are some critical updates related to windows media player which I need to implement ,my question is: Do I really need to implement fixes to applications that I dont use ( but still are installed on the server) on those servers (like windwos media player that we dont use on our web servers? ). thanks ! __________________________________ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com
Current thread:
- which security hotfixs to implemet ? Juan B (Nov 24)
- Re: which security hotfixs to implemet ? xyberpix (Nov 24)
- Re: which security hotfixs to implemet ? Jacob Weeks (Nov 24)
- RE: which security hotfixs to implemet ? Steve Fletcher (Nov 24)
- Re: which security hotfixs to implemet ? Craig Woodward (Nov 24)
- Re: which security hotfixs to implemet ? hutuworm (Nov 27)
- <Possible follow-ups>
- RE: which security hotfixs to implemet ? Andrew Shore (Nov 25)
- Re: which security hotfixs to implemet ? Rino Mardo (Nov 26)
- RE: which security hotfixs to implemet ? Prasanna M (Nov 25)
- Re: which security hotfixs to implemet ? Gethin Jones (Nov 27)
- Re: which security hotfixs to implemet ? Caeser Augustus (Nov 27)
- Re: which security hotfixs to implemet ? GuidoZ (Nov 27)