Avira Tech BlogMay 29, 2009, 7:16 am
Microsoft issued a warning about a security vulnerability in DirectX which is reportedly getting actively exploited. The affected component quartz.dll is removed in Windows Vista and 2008 Server (and also in Windows 7), so Windows 2000, XP and 2003 Server are vulnerable. With those operating systems, a user just needs to open a manipulated QuickTime file to infect her computer - independent of the Browser or Software used.
From Microsofts Security Response Center: “The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed.”
The company offers a solution in a knowledgebase article. Users can apply a fix by clicking on the “fix it”-link in that article with Internet Explorer - currently the fix is undergoing maintenance obviously though. Microsoft writes that it wants to ship a patch as soon as it is production stable. It is unclear weather this means that they want to ship an update out-of-band or if it is ready for the June Black Tuesday
Look in this specific forum for newly found security threats which may not yet be covered by your usual security software
1 post • Page 1 of 1
- Site Admin
- Posts: 15995
- Joined: Fri Jan 28, 2005 5:16 pm
- Area Of Expertise: Security
- experience: I know the functions, OS settings, registry tweaks and more
- PC time: What else is there in life?
- Location: PHX, AZ
Users browsing this forum: No registered users and 2 guests