Microsoft Re-releases Patch For Windows Movie Maker, MS Producer

Stefanie Hoffman

May 03, 2010, 07:36 PM EDT

Microsoft on Monday re-released a comprehensive security update for Windows Movie Maker and Microsoft Producer, which until now left the application vulnerable to malicious attacks.

The updated security patch incorporated a fix in Microsoft Producer 2003 that replaces the older, vulnerable application. Users can now install Producer for PowerPoint to address the issue.

Microsoft initially released the Windows Movie Maker patch in March, during its monthly Patch Tuesday update, which repaired a vulnerability occurring in the way that Windows Movie Maker parses project files.

The original security update, designated with the slightly less severe ranking of "important," addressed a flaw in versions 2.1, 2.6 and 6.0 of Windows Movie Maker and Microsoft Producer 2003 that could enable hackers to execute malicious code remotely if they sent an infected Movie Maker or Microsoft Producer project file to a victim.

The attackers would then have to successfully convince users to open the malicious file, which is typically done through social engineering tactics. Users would automatically download malicious code onto their PCs once they opened the file, allowing hackers to take complete control of their system to steal data and incorporate their computers into a botnet.

However, despite the recent fix, Microsoft Producer 3 remained vulnerable to malicious attacks.

The vulnerability does not affect Windows Live Movie Maker, available for Windows Vista and Windows 7.

Next: Microsoft Encourages Upgrade

Microsoft said in a blog post Monday that it encourages users to upgrade to the revised patch as soon as possible.

Users who prefer not to install the updated Microsoft Producer can apply a workaround from Microsoft FixIt, which prevents files from being opened in Producer when users double click on them by removing the file association from the application.

Additionally, Microsoft issued a fix for its installation switches in Movie Maker 2.6 on Windows Vista and Windows 7 patches. Users who have already applied the latest patches to Movie Maker 2.6 will not need to reapply the updates.

"Kudos to Microsoft for putting out a secure version of Microsoft Producer," said Jason Miller, data and security team manager for patch management company Shavlik Technologies in an e-mail. "The product may have reached end-of-life for support, but Microsoft is still providing a critical security fix for their software and their customers."