Microsoft has admitted that yet another Windows Update, released to users last week, comes with a flaw resulting in selected video editing applications throwing a wobbler.
The MS13-057 patch, released as part of the company's monthly Patch Tuesday cycle, was rated as Critical by the company for its addressing of a security flaw in a Windows Media dynamic link library (DLL) shipped with Windows Media Format Runtime and Windows Media Player 11 and 12 - in other words, everything from Windows XP Service Pack 3 right through to Windows 8 and Windows RT.
Unpatched, the vulnerability allowed for attackers to run arbitrary code on a system under the credentials of the logged-in user by sharing a specially-crafted and malicious Windows Media Player-compatible file. Once opened, the payload would be executed without user interaction.
It's a flaw Microsoft has been keen to patch as quickly as possible: with a Critical rating on all supported versions of Windows, bar those running on Intel's Itanium platform and Windows Server 2008 and 2012 installations made using the Server Core option, the vulnerability was leaving plenty of customers open to exploitation. Sadly, in its rush to get the patch out, it appears that Microsoft has skipped a bit of critical testing.
As a result, the patch is now awaiting a patch that will address compatibility with third-party programs designed to edit or play Windows Media Video-format files. According to Microsoft's
updated bulletin, affected third-party packages include Camtasia Studio, Adobe Premier Pro, Serif MoviePlus and YouTube Movie Maker, with other software thought to suffer from similar issues when WMV files are in play.
The company has promised to investigate the issue and '
take appropriate action to help protect our customers[, which] may include providing mitigations and workarounds or re-releasing this security update.' For now, though, the only known workaround is to use non-WMV formats when editing video files.
The flawed update is the latest in an unfortunate string of gaffes from the company, which saw last month's patch pile include
a bug which broke the System File Checker Tool and in April
caused machines to crash on reboot. Thus far, Microsoft has not provided a timescale for releasing a bug-fixed version of the update.
Want to comment? Please log in.