Re: Microsoft Patch Tuesday March 2010 MovieMaker patch errors
Feedback on Robert Keith's Blog Microsoft Patch Tuesday March 2010
QUOTE:
2. MS10-017 Vulnerability in Microsoft Movie Maker Could Allow Remote Code Execution (975561)
CVE-2010-0265 (BID 38515) Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)
A remote code-execution vulnerability affects Movie Maker and Microsoft Producer when processing specially crafted Movie Maker project files (‘.mswmm’). An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Movie Maker project file with the affected application. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Affects: Microsoft Movie Maker 2.1, 2.6 and 6.0, and Microsoft Producer 2003
ENDQUOTE
The Microsoft MS10-017 and KB975561 article links for patches, hotfixes or fixits did not resolve or patch MovieMaker on my Windows 7 Professional 32-bit system, nor did WindowsUpdate find or offer any solutions to the MovieMaker vulnerability. WindowsUpdate has not installed any updates referring to MovieMaker or KB975561, and is up-to-date as of this moment.
The KB975561 patch downloaded without issue, but erroneously reports that MovieMaker is not installed. A related Microsoft Fix-It also reported that MovieMaker is not installed. In point of fact MovieMaker is installed on this Windows 7 Professional Retail 32-bit Upgrade OS. The Fix-It patch recommended downloading and installing MovieMaker 2.6, then re-running the Fix-It tool. However, MovieMaker is included in Windows 7 Pro, and all Microsoft Downloads listings for MovieMaker 2.x (or 2.6) are for Vista or XP SP-x OSs.
Perhaps I am misreading the MS Security Bulletin and KnowledgeBase articles, but it seems that in this particular instance, the provided patches or fix-its leave the issue unresolved and the system vulnerable to this exploit. (?)
- Am I misreading the applicable operating system and application version for this issue?
- Does this apply to Windows 7 Professional 32-bit and the Win7Pro MovieMaker?
- Have others experienced this issue on Windows 7?
- If still vulnerable, recommended work-around or mitigation?
For the interim, I am not using MovieMaker since I have other non-MS video editing and burning applications.
Thanks to Robert Keith for the Post, which brought this to my attention.
John Conrod
(Retired IT Pro, still active in PC Security and Apps as an avocation)
[Current Symantec apps: NIS 2010, NU14 -- and Norton User since DOS days! ;-)]