On a company blog Monday, Microsoft said the claims posted on on Dec. 24 that a bug in Windows Media Player 9, 10 or 11 on Windows XP or Vista allowed remote code execution are "false." Dec. 24 is known in much of the world as Christmas Eve, the night before the annual Christmas holiday.
"We’ve found no possibility for code execution in this issue," according to a .
Microsoft acknowledged that the code posted on Bugtraq does crash Windows Media Player, Microsoft's software for playing music and video files, but the application can be restarted "right away" and doesn't affect the rest of the system.
Microsoft also in the blog entry criticizes the security researcher, identified as Laurent Gaffié on the Bugtraq post, for not reporting the vulnerability to the company when it was first found so the claim could be dismissed earlier.
"If he had, we would’ve done the exact same investigation we just completed," according to the blog entry. "When we were done, we would have let them know what we found, asked him if he thinks we might have missed something, continued the investigation if there was more information and ultimately closed the case if we didn’t find a vulnerability. This is how we handle all of the cases we investigate with responsible researchers every year."