Microsoft Blocks Bug Rather than Issue Patch
Microsoft didn't feel like wasting time patching Intel's Indeo codec, so it just blocked it in a recent update instead.
Here's an unusual move for Microsoft: blocking buggy code rather than releasing a patch. That's what Computerworld reports, saying that the company chose to disable a 17-year-old (Indeo) video codec as outlined in this Microsoft Security Advisory. The codec compresses and decompresses video data to provide smaller file sizes, however Microsoft is now blocking Indeo in Internet Explorer and Media Player, making Indeo-coded video unwatchable.
According to Microsoft, the Indeo codec on systems running Windows 2K, XP, and Server 2003 could allow code remote execution when opening maliciously altered content. As already stated, Microsoft's recent update doesn't fix this problem, but merely blocks the codec from loading. This also means that Indeo will be blocked using any other application as well.
The security issue with Indeo isn't anything new. Computerworld reports that iDefense uncovered the vulnerability more than a year ago, and thus informed Microsoft of the problem. The Indeo codec itself, originally developed by Intel, is old and rarely used. So why did Microsoft wait so long in addressing the issue, and why wasn't the vulnerability simply patched?
"In this case, we created defense-in-depth changes that reduce the attack surface and removed the functionality of this codec rather than addressing individual vulnerabilities because it provided more comprehensive protection for an older, less used codec," said a spokesperson from Microsoft.
- U.S. Teens Ingoring Texting-While-Driving Law
- EA CEO Leaks Sony Motion Controller Codename
- FTC: Hey, There's Adult Content In Virtual Worlds!
- VIDEO: PS3 + Epson Projector = Extreme Gaming
- Climax: Hardcore Games on Wii Difficult to Make
- Nokia Closing Flagship Stores in U.S.
- Norwegians Mistake Missile for Alien Spacecraft
- Yahoo! Chief: God Bless Tiger Woods
- Woman Sues Burger King for Textual Harrassment
- Mobile Firefox Rolls Out This Month
- Singer Stalks Google Car to Get Photographed
- Playboy's Official iPhone App Hits the App Store
- PICTURED: The Google Phone - Nexus One
- Judges, Lawyers Told Not to Facebook Each Other
- Google VP: Nexus Specs "Exclusive" to Googlers
- Windows Mobile 7 to Arrive Late Next Year
- Xbox Modded into Millennium Falcon
- Interplay Wins Fallout Battle Against Bethesda
- Plurk Claims Microsoft Stole Its Code
The first computer I had, that featured video capture was using this Indeo video compression. I think that was like 1996ish. Was a nice codec I guess since it ran on a 233Mhz machine with 128MB's of RAM and I had decent quality video and sound out of it. I do remember also running a VooDoo2 in it at the time too...
The real test of this blocking is that if anyone notices that they cannot play those video's any more. If no one notices then its a non issue, if a bunch of people complain then MS needs to patch it. I might notice it if I dug around in my ancient CDR's from that time period lol
They should have done the next best thing to block it. Delete it!
That codec is one of the very first AVI codecs, and it wasn't great even back then, I think it predates Mpeg2, the compression and quality was lousy even for those day's standards. I know this because I've did a fair amount on encoding work in that time period, more than a decade ago.
Anyone ever hear of this codec before? Does Intel even support it anymore?
That's a good way to eliminate a security risk from an obsolete component. Now just expand that to include all of ActiveX and the world will be a much safer place for Windows.
huh, I remember seeing that codec as an option in a video editing program I was using (not sure which one) and wondering why it was there, it looked like rubbish...I guess it was.
What about ffdshow's implementation of the codec?
Suddenly, a lot of old porn is no longer going to play. Jimmy, in his mad rush to 'get there', clicks like a mad man while wondering why the vids won't play?'AGGHHHH'
Come on , Jimmy, you need to get newer stuff to watch. That old pornstar could be your granny!
In my opinion, microsoft should do a little more "blocking" of bad and decades old code. It'd allow us to move on a bit. And dropping some backwards compatibility to improve performance wouldn't hurt either.
How am I supposed to play the cutscenes in my 1997 Battlezone game?
Hmmmm..... old news getting a new spin.
That's a good way to eliminate a security risk from an obsolete component. Now just expand that to include all of ActiveX and the world will be a much safer place for Windows.
Wait a minute.. just because your not smart enough to not click yes on every box that pops up doesnt mean you have to take out something thats actualy usefull for people with higher IQ's then a snail.
I think the video clips in Sid Meier's Civilization II (such as the close-ups of the advisors) were using the Indeo 5 codec. I remember having problems with this codec on some versions of Windows.
so MS is now tellign me that all my old Re games 2-3 and all my dino crisis (1and 2) games will become coasters if i install this update ??? well F--K you MS
RE = resident evil to calrify , all teh old RE's used indeo for their video sequences
How am I supposed to play the cutscenes in my 1997 Battlezone game?
Run Linux
Run Linux
or dosbox?
or windows 98?
indeo isn't under control of MS at all. Even, intel sold it long ago to a company I don't remember. (google it to find, if it is very important for you. I'm too lazy to do it now.)
So, it's their responsibility to fix that bug. Not MS's. If they didn't fix the bug, then MS has all rights to block it until a fix comes.
I downloaded the indeo 5 codec and reinstalled it and now all my avi's will play again in media player. I won't discuss the quality of indeo but I used this codec to encode video's from my pentax camera (640x480) so the quality wasn't really an issue. Any idea to what codec or format I would better convert all these video's for storage in the long term? I don't want to convert all my home vid's because the codec is 'out of date' every two years.