A buffer-overflow vulnerability in Microsoft Corp.’s Windows Media Player software could let attackers run code of their choice on a victim’s system, Microsoft warned. Microsoft advised users to immediately apply a patch that takes care of not just the latest threat but also a slew of other vulnerabilities that cumulatively pose a “critical” security risk for users.

This vulnerability affects Windows Media Player 6.4, 7, 7.1 or Windows Media Player for Windows XP. A coding flaw exists in the Advanced Streaming Format (ASF) that’s used for storing streaming media data and sending it over networks. The flaw makes it possible for attackers to send malformed ASF files that could either crash a system or let hackers take administrative control of it.

Intel introduces remote Web management tool

Intel Corp.’s Web hosting subsidiary plans to add a remote management tool for customers of its flagship AppChoice hosting service. The new service, called Open Control Technology, will allow customers to automate routine and administrative tasks while still being able to view the status of tasks through a secure Web portal, Intel Online Services said in a statement.

This tool groups a customer’s hardware, operating system, applications, storage and network infrastructure as a single unit. Intel said the new service, currently in a pilot stage, would put control back in the hands of customers, and will be generally available in the first half of 2002.

J.D. Edwards ships CRM app

J.D. Edwards & Co.’s acquisition of YOUcentric Inc. is complete, and the company is looking to grab a share of the CRM software market. Last summer J.D. Edwards announced its plans to acquire customer relationship management (CRM) vendor YOUcentric in a cash and stock deal worth US$86 million.

J.D. Edwards CRM 1.0 ties the features of YOUcentric’s Java-based YOUrelate suite – which includes sales force automation, contact centre, customer service and marketing apps – to J.D. Edwards’ flagship ERP suite, OneWorld. The integration depends on J.D. Edwards’ Extended Process Integration (XPI) middleware, which serves as a message broker and transports transactions from application to application. For CRM 1.0, J.D. Edwards will ship the software with XPI adapters so users can connect the made-over YOUcentric apps to their own ERP or supply chain applications.