Severity Rating: Important - Revision Note: V4.0 (April 29, 2009): Added Windows Media Services 2008 (KB952068) on 32-bit and x64-based editions of Windows Server 2008 Service Pack 2 as affected software. Also, added Windows Server 2008 for Itanium-based Systems Service Pack 2 as non-affected software. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB952068 do not need to reinstall.Summary: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Read more at: http://www.microsoft.com/technet/security/bulletin/MS08-076.mspx?pubDate=2009-04-29