Microsoft disables buggy "Indeo video codec" in Windows 2000, XP, and Server 2003

Microsoft is a surprising move, has decided to disable a 17-year-old video codec in older versions of Windows rather than patch multiple vulnerabilities. According to a security advisory “Indeo codec on systems running Windows 2000, Windows XP, and Windows Server 2003 could allow code remote code execution when opening specially crafted media content. This Update […]

Microsoft is a surprising move, has decided to disable a 17-year-old video codec in older versions of Windows rather than patch multiple vulnerabilities. According to a security advisory “Indeo codec on systems running Windows 2000, Windows XP, and Windows Server 2003 could allow code remote code execution when opening specially crafted media content. This Update blocks Indeo codec from being launched in Internet Explorer or Windows Media player. Update also removes ability for this codec to be loaded when browsing Internet with any other apps. By only allowing apps to use Indeo codec when media content is from local system or from intranet zone, and by preventing IE and WMP from launching codec, this update removes most common remote attack vectors but still allows games or other apps that leverage codec locally to continue to function. “Customers who’ve automatic updating enabled will not need to take any action because it’ll be downloaded and installed automatically. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 954157.”, KB954157