An initial investigation determined that affected systems include Windows 2000 Service Pack 4, Windows XP and Windows Server 2003. However, all versions of Windows Vista and Windows Server 2008 are not vulnerable to attack.
Specifically, the vulnerability exists in the way that Microsoft DirectShow -- a DirectX function that performs client-side audio and video sourcing and rendering -- handles QuickTime format files. The flaw could open the door for a remote hacker to launch an attack on users' computers by enticing users to open a malicious QuickTime media file, usually through some sort of social engineering scheme.
Attackers typically entice users to click a link embedded in an e-mail that directs them to the attacker's malicious Web page. Once the user opens the malicious page, the attacker can infiltrate and take control of the computer in order to view or steal information for identity theft activities.
Microsoft DirectX is a Windows feature used in streaming media that enables graphics and sound when users play video games or watch videos.
Microsoft said that it is currently investigating the issue through its Software Security Incident Response Process and working with Microsoft Active Protections Program and Microsoft Security Response Alliance programs to remediate the flaw. The company noted in its advisory that attacks actively exploiting the DirectX flaw appeared to be limited thus far.
Meanwhile, researchers at Microsoft recommend some workarounds that include disabling the parsing of QuickTime content in quartz.dll, which is a library with functions for DirectShow, modifying the access control list (ACL) on quartz.dll and unregistering quartz.dll altogether.
Microsoft likely will introduce a fix in a monthly "Patch Tuesday" security update bundle or as an emergency out-of-band patch, depending on the severity of the resulting attacks.
Security experts at the Redmond, Wash.-based company also suggest that users protect their PCs from attack by regularly updating software, installing and maintaining antivirus software and enabling firewall products.
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
