Windows 7 RC, as well as its precursor, Windows Vista, and the R2 and RTM/SP1 releases of Windows Server 2008 are immune to a zero-day vulnerability affecting DirectX on older versions of Windows.
The flaw leaves Windows 2000 Service Pack 4, Windows XP (including SP2 and SP3), and Windows Server 2003 exposed to exploitation, but not the later Windows client and server releases, because the code containing the flaw was removed in Vista.
Christopher Budd, security response communications lead for Microsoft, confirmed that the company was "aware of limited, active attacks that exploit this vulnerability." Budd explained that the vulnerable code was contained in the QuickTime parser in Microsoft DirectShow. DirectX 7.0, DirectX 8.1 and DirectX 9.0 are impacted.
"An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn't a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we've verified that it is possible to direct calls to DirectShow specifically, even if Apple's QuickTime (which is not vulnerable) is installed," Budd stated.
Alongside its public disclosure of the zero-day vulnerability, the Redmond company is offering no fewer than three workarounds to protect the affected operating systems from exploitation. Microsoft Security Advisory (971778) contains the steps users need to take in order to protect themselves against attacks. A successful exploit of the DirectShow flaw allows an attacker to execute arbitrary code remotely on the victim's computer.
While the company works on a patch to resolve the vulnerability, it is providing end users with a simple and effective workaround. KB article 971778 contains an automated workaround that disables QuickTime parsing in DirectShow. Users simply have to click the Fix It button, after which exploit attempts against the parser fail.
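For administrators who would rather audit and apply the "disable QuickTime parsing" workaround across machines than click Fix It on each one, the following PowerShell script is an added example (not Microsoft's Fix It package and not code from the article). It assumes the workaround amounts to removing the COM registration of the DirectShow QuickTime parser; the CLSID shown is a placeholder that must be replaced with the key named in Microsoft Security Advisory 971778, and the script needs administrative rights because it touches HKEY_CLASSES_ROOT.

```powershell
# Added example: audit the DirectShow QuickTime parser registration and, with
# -Apply, back it up and remove it (the effect of the KB 971778 workaround).
# PLACEHOLDER CLSID: substitute the key path given in Security Advisory 971778.
# On 64-bit Windows the 32-bit registration lives under Wow6432Node as well.
param(
    [switch]$Apply,
    [string]$BackupDir = "$env:TEMP\directshow-workaround"
)

$QtParserClsid = '{PLACEHOLDER-QUICKTIME-PARSER-CLSID}'   # placeholder, see advisory
$KeyPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$QtParserClsid"

# Report whether the parser is still registered and which DLL serves it.
function Get-QuickTimeParserState {
    if (-not (Test-Path $KeyPath)) {
        return [pscustomobject]@{ Registered = $false; Server = $null }
    }
    $server = (Get-ItemProperty -Path "$KeyPath\InprocServer32" `
               -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Registered = $true; Server = $server }
}

$state = Get-QuickTimeParserState
if (-not $state.Registered) {
    Write-Output "QuickTime parser not registered: workaround already in effect (or component absent)."
    return
}
Write-Output "QuickTime parser registered, served by: $($state.Server)"

if (-not $Apply) {
    Write-Output "Run again with -Apply to export a backup and remove the registration."
    return
}

# Export the key first so the workaround can be reversed once the patch is installed.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir "qt-parser-$(Get-Date -Format yyyyMMddHHmmss).reg"
& reg.exe export "HKEY_CLASSES_ROOT\CLSID\$QtParserClsid" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup failed; leaving the registry untouched." }

Remove-Item -Path $KeyPath -Recurse -Force
Write-Output "Removed $KeyPath (backup: $backup). Restore with: reg.exe import `"$backup`""
```

Running it without -Apply is a safe inventory check that can be fed into a fleet report; re-importing the exported .reg file reverses the change after the patch is deployed.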