Microsoft has decided that it is better to disable a 17-year-old video codec in older versions of Windows rather than patch the thing.
Redmond has released a security advisory that blocks the Indeo codec originally developed by Intel – the people Microsoft call in to do any complex coding – from being used by either Internet Explorer or Windows Media Player.
Apparently the Indeo codec has more attack vectors than you can poke a stick at. Microsoft however has been reluctant to fix them. One bug has been hovering around for nearly a year.
The disabling update targets only the oldest editions of Windows 2000, Windows XP and Windows Server 2003. Windows Vista, Windows 7 and Windows Server 2008 already bar the Indeo codec from loading.
Microsoft said that by blocking the codec from being used in IE and Windows Media Player it’s protecting users against the known attack vectors. Apparently no one uses Indeo these days. Well, not now they don’t.