Fixes critical MP3 bug

This morning, Microsoft officially released its first patch for the Windows 7 public beta.  The update addresses some issues with Windows Media Center playback, DVR recording, and a critical issue with MP3 support in Windows.

More specifically, the update fixes a flaw that shaves several seconds of audio from the beginning of any edited MP3 file, including those which are automatically modified with album art or tag information in any capable playback program or utility.  Interestingly enough, users who wanted to apply the fix before today had to find it, download it, and manually install it.  Microsoft's release notes state:

"Every time that metadata is edited in an MP3 file that already contains lots of metadata in the file header, some audio at the beginning of the track may be lost permanently. Up to several seconds of audio may be lost...Use of tools to add large album art to existing MP3 files may also cause this audio loss. Specifically, any information that causes the header size to exceed 16 kilobytes will trigger the loss."

Microsoft's recommended workaround consists of two steps - back up all MP3 files before performing an upgrade to Windows 7 beta from Windows Vista, and set all them to "read-only" status by right-clicking each file in Windows Explorer and then clicking the General tab and selecting the "Read-only" box.  In addition, users are advised to disable metadata automatic updates in Windows Media Player.

On another note, however, the company decided not to patch a flaw in its Server Message Block (SMB) file system for the Windows 7 public beta.  Instead, an update has gone out to Windows 2000, XP, Vista, and Server 2003 / 2008.  In response, Microsoft's monthly bulletin release for January 2009 states that a security update to a vulnerability found in beta versions of Windows will only be provided for critical issues. 

The bulletin goes on to state that the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) "would be rated as Moderate because the vulnerability would require authentication for any attack to succeed."  Moreover, the company intends to address this issue in the next public release for Windows 7.

In the meantime, the release notes for the first Windows 7 patch can be found here.