Another botched Windows patch: MS13-057/KB 2803821/KB 2834904
It looks like this week’s Black Tuesday patches include at least one real stinker: MS 13-057/KB 2803821 has been blamed for problems with recent editions of several products. Until Microsoft pulls the patch — or acknowledges the problem — I advise against installing it.
MS 13-057/KB 2803821 is billed as a “security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12.” Microsoft rates the patch as “critical” with an exploitability ranking of 2. It’s directed at the vulnerability reported in CVE-2013-3127.
The SANS Internet Storm Center describes the problem as “an input validation problem in Windows Media format (WMV — Windows Media Player, not to be confused with the infamous WMF format) [that] allows random code execution.” According to SANS, there are no publicly known exploits…