Vulnerability in Windows Media Center Could Allow Remote Code Execution (MS14-043)

ITS Advisory Number: 
2014-068
Date(s) Issued: 
Tuesday, August 12, 2014
Subject: 
Vulnerability in Windows Media Center Could Allow Remote Code Execution (MS14-043)
Overview: 
A remote code execution vulnerability has been discovered in Microsoft Windows that occurs when a user opens a specially crafted Microsoft Office file. Windows Media Center is a digital video recorder and media player developed by Microsoft. It is an application that allows users to view and record live television, as well as organize and play music and videos. Successful exploitation of this vulnerability could lead to an attacker gaining the same rights to the box as the logged in user, execute arbitrary code and possibly command line access to the system. This could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
Systems Affected: 
  • Windows 7 (Except Starter and Home Basic editions)
  • Windows 8 Professional Edition
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

A remote code execution vulnerability has been discovered in Microsoft Windows that occurs when a user opens a specially crafted Microsoft Office file. Once activated, the specially crafted Microsoft Office file will execute resources from the MCPlayer library, which is a component of Windows Media Center. The vulnerability occurs because MCPlayer fails to properly clean up resources after a CSyncBasePlayer object is deleted. Successful exploitation of this vulnerability could lead to an attacker gaining the same rights to the box as the logged in user, execute arbitrary code and possibly command line access to the system. This could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
We recommend the following actions be taken:
  • Apply appropriate patches provided by Microsoft to affected systems immediately after appropriate testing.
  • Remind users not to download or open files from un-trusted websites, unknown users, or suspicious emails.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.