Microsoft Update Turns Off Indeo Video Codec Instead Of Fixing It

microsoft_logoFor users of Microsoft Windows 2000 and Later Microsoft has begun their deprecating of OS support by deactivating supported plugins instead of fixing them.

In an Advisory released December 8th Microsoft explains a security problem where remote control of a system can be gained if the user views specifically crafted media content that relies on the Indeo Video Codec.

Instead of fixing the problem Microsoft will turn off support and deregister the codec if you apply the update.

Microsoft says:

Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code remote code execution when opening specially crafted media content. The update blocks the Indeo codec from being launched in Internet Explorer or Windows Media player. The update also removes the ability for this codec to be loaded when browsing the Internet with any other applications. By only allowing applications to use the Indeo codec when the media content is from the local system or from the intranet zone, and by preventing Internet Explorer and Windows Media Player from launching the codec at all, this update removes the most common remote attack vectors but still allows games or other applications that leverage the codec locally to continue to function.

Note

The Indeo Codec is or has been used by many manufacturers that rely on the codec for support of their hardware including TV Cards and other video products.

This could cause some serious problems for end  users that need this codec to perform correctly.

Be careful and review all products and software you are using before applying this patch because it not only stops viewing of media from the internet but possibly also from your own local and networked computers depending on the design of your network.

For more information view

http://www.microsoft.com/technet/security/advisory/954157.mspx