CVE-2017-0042

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Media Player in Microsoft Windows 8.1 Windows Media Player in Microsoft Windows Server 2012 R2 Windows Media Player in Microsoft Windows RT 8.1 Windows Media Player in Microsoft Windows 7 SP1 Windows Media Player in Microsoft Windows 2008 SP2 and R2 SP1 Windows Media Player in Microsoft Windows Server 2016 Windows Media Player in Microsoft Windows Vista SP2 Windows Media Player in Microsoft Windows 10 Gold, 1511, and 1607

Description The issue allows remote attackers to obtain sensitive information via a crafted web site. This is related to the lack of protection for service data, which can be exploited by a remote attacker to gain confidential information using a specially formed website.

Recommendations For Microsoft Windows 8.1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 R2, update to a version that includes the fix for this issue. For Microsoft Windows RT 8.1, update to a version that includes the fix for this issue. For Microsoft Windows 7 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2016, update to a version that includes the fix for this issue. For Microsoft Windows Vista SP2, update to a version that includes the fix for this issue. For Microsoft Windows 10 Gold, 1511, and 1607, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to Windows Media Player until a patch is available.