Microsoft warns of critical DirectX flaw

Look in this specific forum for newly found security threats which may not yet be covered by your usual security software

Moderators: Admin Team, Moderators

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Microsoft warns of critical DirectX flaw

Postby TeMerc » Fri May 29, 2009 12:02 am

May 29, 2009, 7:16 am
Microsoft issued a warning about a security vulnerability in DirectX which is reportedly getting actively exploited. The affected component quartz.dll is removed in Windows Vista and 2008 Server (and also in Windows 7), so Windows 2000, XP and 2003 Server are vulnerable. With those operating systems, a user just needs to open a manipulated QuickTime file to infect her computer - independent of the Browser or Software used.

From Microsofts Security Response Center: “The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed.”

The company offers a solution in a knowledgebase article. Users can apply a fix by clicking on the “fix it”-link in that article with Internet Explorer - currently the fix is undergoing maintenance obviously though. Microsoft writes that it wants to ship a patch as soon as it is production stable. It is unclear weather this means that they want to ship an update out-of-band or if it is ready for the June Black Tuesday
0-= Avira Tech Blog
Image

Return to “EMERGING SECURITY THREATS!”

Who is online

Users browsing this forum: No registered users and 1 guest