Nearly two months after promising to update its media player software to block the threat of malware infection, Microsoft Corp. on Tuesday admitted that users of its Windows Media Player 9 Series remain at risk. Redmond has hemmed and hawed on its response to the threat and the circumstances of the latest admission isn"t sitting well with security researchers.
When the first red flag was raised in early January, Microsoft made it clear that the use of rigged .wmv files to exploit the DRM (digital rights management) mechanism was not a software flaw. A week later, the company reversed course and promised new versions of WMP within 30 days. "While this issue is not the result of any exploit of Windows Media DRM, we do recognize it may cause problems for some of our customers," the company said in a statement. To help mitigate these problems, Microsoft said the software would be tweaked to "allow the end-user more control over when and how any pop-ups display in the license acquisition process."