The only way that I think is not going to even copy any WMP files to
installation is if I expressly specify that in the answer file.
However, looking at the wmpocm.inf file (the installer information)
here's what I find:
---------------------------------------
[HideWMP]
Commandline=%11%\setup\wmpocm.exe /HideWMP
TickCount=500
[WMPOCM_Uninstall]
DelFiles=DelNone
Run=HideWMP
-------------------------------------------
Rings a bell huh?
Looks like it will just hide the player but not delete anything.
Even if I think of modifying the installation source and installing, I
think I may end up with crippled Mutimedia subsystem. The security
update on the website for WMP is for scripting problems. I dunno but
if someone were to uninstall [hide ;)] the WMP and tried opening an
MP3, would it open? If it does then that update is necessay, if it
does not ........... well I think I will anyways suggest updating it.
Just in case.
But back to the original question, yes I think Juan would wanna update
the hotfix. Even thoug no user is expected to run it over there, I can
see it most likely that a multimedia enabled page on the webserver may
invoke the WMP scripting routines.
Waiting for comments..
On Thu, 25 Nov 2004 11:48:12 +0530, Prasanna M
<prasannam@catsglobal.co.in> wrote:
My first reaction was also to ask why unnecessary software/services were
present, but then I checked and now I am not sure if there is a clean way to
remove the "basic" media player(v6.4)? I checked out the services,windows
components,add/remove progs. The only place that was left was to delete the
files and remove from registry?
Do let me know if there is another way to get this done.
Prasanna
-----Original Message-----
From: Craig Woodward
To: security-basics@securityfocus.com
Sent: 11/25/2004 12:59 AM
Subject: Re: which security hotfixs to implemet ?
At the risk of sounding petulant, why keep Media player installed if
there's
no intention of using it?
Quite a few of the exploits detail whether they are exploitable if the
application is present, even if not in use. It would be best to read
the
details for each update to see if they apply to you.
Craig
----- Original Message -----
From: "Juan B" <juanbabi@yahoo.com>
To: <security-basics@securityfocus.com>
Sent: Tuesday, November 23, 2004 6:16 AM
Subject: which security hotfixs to implemet ?
Hi,
I ran microsoft baseline security against our IIS web
servers.
the output ( for example) on some servers was that
there are some critical updates related to windows
media player which I need to implement ,my question
is: Do I really need to implement fixes to
applications that I dont use ( but still are installed
on the server) on those servers (like windwos media
player that we dont use on our web servers? ).
thanks !
__________________________________
Do you Yahoo!?
Meet the all-new My Yahoo! - Try it today!
http://my.yahoo.com
