Microsoft warns of DirectX flaw; Vista users unaffected
A new vulnerability has been found in DirectX that affects users running Windows 2000, Windows XP, or Windows Server 2003. Microsoft has detailed the flaw and has outlined four workarounds.
Microsoft has posted Security Advisory 971778 to warn its users that it is investigating public reports of a new vulnerability in Microsoft DirectX (versions 7.0 through 9.0) that hackers are actively exploiting. The vulnerability could allow for remote code execution if a user running Windows 2000, Windows XP, or Windows Server 2003 opens a specially crafted QuickTime media file. The software giant emphasized that all versions of Windows Vista and Windows Server 2008 are not vulnerable. The company also notes that the investigation is ongoing and that it will either provide a security update on Patch Tuesday or issue an out-of-cycle security update if needed.