Wifi Password Recovery - UTM - Vulnerability Scanning


VIP LOUNGE
CLOUD LOGIN
Sun Sun Sun

You are here: News > News > Hazardous Microsoft DirectX Bug Presently Being Exploited

» IT Security NEWS
 
» 27 May 2009
Hazardous Microsoft DirectX Bug Presently Being Exploited
According to an advisory issued by Microsoft, hackers are currently employing modified QuickTime media files to exploit the unfixed bug found in DirectShow, which contains the APIs utilized for multimedia support by Windows applications.

In a post on the MSRC (Microsoft Security Response Center) blog, corporation executives verified that the new security hole affects Microsoft DirectShow in Windows Server 2003, Windows XP, and Windows 2000 under limited circumstances.

Once its preliminary investigation was done, Microsoft confirmed that the code flaw was already removed from Windows Vista as part of their work in developing and building that particular version of the popular operating system (OS). What that means is that Windows Vista and all succeeding iterations of the OS—that is, Windows 7 and Windows Server 2008—are immune to this particular vulnerability.

Typically, a hacker would attempt to exploit the security hole by generating a specially modified video file in the QuickTime format and then delivering it as an attachment to an e-mail or publishing it online via an embedded object on a website.

While the flaw isn't a browser bug because it is located within the code executing DirectShow, a browser-based vector can possibly be hacked through any browser utilizing DirectShow-type media plug-ins as well.

Regardless, the company has already launched its security response process to assist in dealing with the reported zero-day hacking exploits—that is, it has published a pre-patch warning page with a clickable "Fix It" service to alleviate vulnerability risks as well as workarounds for the bug.

The official Microsoft advisory on the vulnerability states that the corporation knows of the limited yet active exploits and hacking activities used to take advantage of the security hole. Even though their investigation of the case is still ongoing, it has so far revealed that all iterations of Windows Server 2008 and Windows Vista are unaffected, while Windows XP, Windows Server 2003, and Windows 2000 Service Pack 4 are all affected.

The MSRC blog also states that the hole is specifically found in Microsoft DirectShow's QuickTime Parser. Users whose systems can be compromised by this as-yet-unfixed bug are recommended to disable QuickTime parsing to thwart any potential exploits and cyber attacks.

Read the rest of the blog post itself for more detailed instructions on how to use a managed script deployment for the security hole or simply click the "Fix It" button on the page for automatic activation of the workaround.

 


Reviews of SecPoint.com
 
 
 
 
 

Awards & Reviews
  

  

Subscribe to our Mailing List

Customer References


About
About
SecPoint
History
Mission Statement
Vision
Management
Investment
Bank
Sponsorship
Certificates
Environment
Environment
What is RoHS Weee?
Accounting
Values
Member of Organisations
Merchandise
SecPoint Certification
Design
Status Information
Hardware Vendors
Jobs
Environment
SecPoint on social media
Twitter Facebook Youtube
Products
Products
Protector
Cloud Protector
Penetrator
Portable Penetrator
Cloud Penetrator
Free IT Security Tools
Pricing
SecPoint Brochures
SecPoint Questions FAQ
SecPoint Datasheets
SecPoint SPID Library


Partners
Partners
Become a SecPoint Affiliate
Become a SecPoint Partner
SecPoint Franchising
SecPoint Partner Lounge
News
News
Press
Product Awards
SecPoint RSS Feeds


Contact
Contact
General Contact
IT Security Products Webshop
Latest SecPoint Software Images Change Log
SecPoint FAQ Frequently Asked Questions
SecPoint on Twitter
SecPoint Sales Training Videos
SecPoint Shipping Cost
SecPoint World Wide Shipping
Support
Solutions
Anti-Spam Appliance
UTM Appliance
Penetration Testing
Proxy Appliance
SAAS
Spam Filters
Vulnerability Assessment
Vulnerability Scanner
Vulnerability Scanning
Vulnerability Scanning Appliance
Web Content Filter
Web Filter Appliance
WiFi Hacking
How essential is vulnerability
management?
What is ...?

Encyclopedia | Free Scan Statement | Link Policy | Privacy Statement | Resources | Sitemap | User Policy
© Copyright 1999-2012: SecPoint®
SecPoint ApS Noerregade 7B - 1165 Copenhagen K - Denmark
US Toll free: +1-888-704-7297 - EU: +45-70-235-245