Microsoft KB Archive/940893

= Changes in Windows Media Player that are introduced after you install security update 936782 =

Article ID: 940893

Article Last Modified on 10/11/2007

-

APPLIES TO

 Microsoft Windows Media Player 11, when used with:  Windows Vista Enterprise

 Windows Vista Business

 Windows Vista Home Basic

 Windows Vista Home Premium</li></ul>

 Windows Vista Ultimate</li></ul>

 Windows Vista Starter</li></ul>

 Windows Vista Ultimate 64-bit edition</li></ul>

 Windows Vista Home Premium 64-bit edition</li></ul>

 Windows Vista Home Basic 64-bit edition</li></ul>

 Windows Vista Enterprise 64-bit edition</li></ul>

 Microsoft Windows XP Service Pack 2</li></ul>

 Microsoft Windows XP Professional x64 Edition</li></ul> </li> <li>Microsoft Windows Media Player 10</li> <li>Microsoft Windows Media Player 10, when used with: <ul> <li>Microsoft Windows Server 2003 Service Pack 2</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

<ul> <li>Microsoft Windows XP Professional x64 Edition</li></ul>

<ul> <li>Microsoft Windows XP Service Pack 2</li></ul> </li> <li>Microsoft Windows Media Player 9 Series, when used with: <ul> <li>Microsoft Windows XP Professional</li></ul>

<ul> <li>Microsoft Windows XP Home Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Small Business Server 2000 Standard Edition</li></ul> </li></ul>

-

<div class="notice_section">

Notice
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

<div class="summary_section">

SUMMARY
Microsoft has made defense in depth changes to Microsoft Windows Media Player to help with security in social networking sites. These changes are introduced after you install security update 936782 (security bulletin MS07-047).

<div class="moreinformation_section">

MORE INFORMATION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

You install the security update that is described in the following Knowledge Base article:

936782 MS07-047: Vulnerability in Windows Media Player could allow remote code execution

After you install the security update, you notice that you must have Adobe Flash 9 installed to play Flash content through Windows Media Player. If Flash 9 is not installed, a dialog box that contains the following text prompts you to install Flash 9:

To play the selected item, you must install a later version of the Macromedia Flash Player. To download the Macromedia Flash Player, go to the Macromedia Web site.

Additionally, after you install the security update, you can pass the following parameters to Flash to make Flash more secure:
 * 1) <param name=&quot;allowScriptAccess&quot; value=&quot;never&quot;>
 * 2) <param name=&quot;allowNetworking&quot; value=&quot;internal&quot;>

Note By default, this new behavior is enabled. To disable this new behavior, follow these steps: <ol> <li>Click Start, click Run, type regedit, and then click OK.</li> <li>Locate and then click the following registry subkey:

</li> <li>On the Edit menu, point to New, and then click DWORD Value.</li> <li>Type RestrictFlash, and then press ENTER.</li> <li>Double-click RestrictFlash.</li> <li>Type 0 (zero) in the Value data area, click Decimal in the Base area, and then click OK.</li> <li>Close Registry Editor.</li></ol>

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbpubtypekc kbexpertiseadvanced kbexpertisebeginner KB940893

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.