Your Ad Here Your Ad Here
Results 1 to 3 of 3

Thread: Get Must-Have Fix for New Microsoft DirectShow Flaw

  1. #1
    Lady LoTL's Avatar Neamhbhásmhar BT Rep: +1
    Join Date
    Mar 2007
    Dallas for TSO...
    Get Must-Have Fix for New Microsoft DirectShow Flaw

    Written by Erik Larkin

    A critical new zero-day flaw involving Microsoft DirectShow's processing of QuickTime content is under attack, Microsoft reported today.

    The flaw in the quartz.dll processor in the DirectShow platform affects Windows XP, 2000, and Server 2003. Windows Vista, Server 2008, and Windows 7 are not affected. Crooks can go after the hole even if you have Apple's QuickTime installed, according to Microsoft.

    Also, while opening a malicious QuickTime file could trigger the flaw, it's not required. According to a Microsoft post at its Security Response Center, "a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow." So a drive-by-download--which can execute an attack in the background if you simply visit a malicious page--may be possible.

    The bad guys are already attacking this hole with "limited attacks," Microsoft says, but if this is half as bad as it sounds, I'd expect such attacks to increase. While no patch is out yet, Microsoft has made a quick "Fix-It" option available to temporarily disable Windows parsing of QuickTime files.

    To get the fix, visit this Microsoft support page and click the "Fix this problem" button under the "Enable workaround" heading. You'll then download a file which, when run, will modify the Registry to protect against this flaw. Later, after Microsoft has released a patch to permanently fix the hole, you can click the "Disable workaround" link on the same page to reverse the change.

    For more information, see Microsoft Security Advisory 971778, along with posts on the Microsoft Security Research & Defense and Microsoft Security Response Center blogs.


  2. News (Archive)   -   #2
    Poster BT Rep: +1
    Join Date
    Sep 2008
    thanks for the information ...

  3. News (Archive)   -   #3
    Glitterstep's Avatar Peace|Lov|Energy|EDM BT Rep: +17BT Rep +17BT Rep +17BT Rep +17
    Join Date
    Jan 2009
    Thanks for the info !!


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts