Finally, a (partial) solution for “poisoned” Windows Media files!
Update: The original version of this post contained an error. According to my testing, the most recent version of Windows Media Player 10 does not include all of the fixes referred to in this article. The Windows Media FAQ offers this confusing explanation: “If you installed the latest update to Windows Media Player 10 (version 10.00.00.3802 or later), clearing [the Acquire Licenses Automatically] setting will potentially affect all protected files that you try to play, burn, or synchronize. If you have not installed the latest update to Windows Media Player 10, this setting will only affect certain types of protected files.” See the updated instructions below.
Microsoft has finally released an update that protects some users of Windows Media Player 9 Series from media files that try to install spyware/adware by exploiting a flaw in the license acquisition process. (For background on this issue, see How to fumble a security update.)
The procedure for fixing this issue varies depending on your Windows version and which version of Windows Media Player you’ve chosen to use. Microsoft has done a terrible job of getting out the word that an update is available, and as a result most Windows users are still unprotected. The full version of this post contains detailed instructions and is a must-read for any Windows user.
- If you run Windows XP and you have upgraded to Windows Media Player 10, download and install the update for Windows Media Player 10 from this page. (Update: I removed some instructions that refer to installing the most recent version of Windows Media Player 10. As it turns out, this update, despite Microsoft’s earlier assurances to me, does not necessarily provide the same functionality as the patch. If you want the latest version, which is identified as 10.00.00.3802, you can download it manually from this page.)
- If you run Windows XP and you have not upgraded to Windows Media Player 10, I recomend that you do so by clicking the link in the previous paragraph. If you choose not to update to WMP10, then scroll to the bottom of this page and download the patch for Windows Media Player 9 Series for Windows XP.
- If you run Windows 2000 or Windows Server 2003, make sure you are running the latest version of Windows Media Player 9 Series (this page should point you to the correct files). Then download and install the update for your operating system from this page.
You should make these changes even if you normally use another program to handle audio and video files. After making these changes, open Windows Media Player, click Tools, Options, click the Privacy tab, and clear the Acquire licenses automatically for protected content option. From this point forward, you will see a warning dialog box any time a Windows Media file tries to download a license. If the file comes from an untrusted source, you can click No and reject the Web page associated with the license, effectively blocking the attempt to install a spyware/adware program.
If you run Windows 98 or Windows Me, there is no patch for Windows Media Player 9 Series. If you are unable or unwilling to upgrade to Windows XP, I strongly recommend that you disable all downloads of signed and unsigned ActiveX controls.
Trying to get information out of Microsoft’s Windows Media team on this issue has been painful, to say the least. The program manager for this group ignored two e-mail messages I sent last week. Last Friday, I spoke with a representative of Microsoft’s PR agency handling this issue, Weber Shandwick. No response. The updates for Windows Media Player 9 Series were posted with no notice, and it wasn’t until a month later that the associated Knowledge Base article was updated. The fixes are not available via Windows Update or through the normal update process for Windows Media Player. The documentation that explains what additional settings need to be adjusted is buried in a lengthy FAQ. In other words, people who need this update are unlikely to find it, install it, and configure it correctly. So, Microsoft can truthfully claim that they’ve “fixed” this problem (at least for people using Windows 2000 / XP / Server 2003), but most customers won’t experience this benefit.
As a company, Microsoft has done a superb job in changing its approach to security over the past two years. When dealing with Windows vulnerabilities, the Security Response Center has been a model of transparency and quick response. However, the Windows Media group hasn’t got the message. Their response to this important security issue – or more accurately, their lack of response – has been pitiful.
23 Responses to Finally, a (partial) solution for “poisoned” Windows Media files!
Hi – I downloaded your Media Player 10 update. And I downloaded codecs from Microsoft. My problem, MP screen comes on as soon as my XP Home boots up. I have to close it before I can click Start and Internet or E-Mail. And short videos attached to E-Mails still play only sound with no picture. What else can I try? Thanks for your help.
KMullins, July 3, 2005 11:05 a.m.
K, I’m sorry, but I can’t offer tech support here in the comments. It sounds like you have a program or a file that’s trying to load when you start up your computer. If you use the search box on this site (top right corner) to search for startup, you’ll find some ideas, including this tip.
Best of luck to you.
I am new to computers,I have “microsoft autmatic updates” and some how I think it installed wmp 10 and now I CAN NOT WATCH MOVIES. I bought the computer 2 years ago and iI used to watch movies on my computer via dvd ram, I have windows xp and now when I want ot play a movie a small window says I most install a decoder, I HAVE IT ALREADY WHEN I BOUGHT THIS COMPUTER. I ask at the store and the tech says that maybe it was automatically erased when I installed wmp 10 please HELP