Direct X Security Vulnerability Patch

On Thursday, Microsoft discovered a critical security hole in the DirectX library for QuickTime video playback, and it seems that the vulnerability is being actively exploited by the hacker community.

As such, the multinational software corporation has published a security advisory that contains detailed information concerning the bug.

The remote code execution bug occurs because of the method by which Microsoft DirectShow—a video and audio rendering and sourcing software—manages supported QuickTime format files, the post explained.

"Microsoft is aware of limited, active attacks that use this exploit code," Microsoft's security advisory informed, taking note that whenever a user logs on with administrative user rights on a susceptible system, a hacker who has already taken advantage of the flaw could take total control of the user's machine.

The attacker then gains the abilities to access, edit, or delete files; install programs and malware; and make new accounts with full user rights.

Keep Direct X up to date to avoid vulnerability

The susceptible DirectShow filter bug is reportedly not present in Windows Server 2008 and Vista, which only leaves older platforms like Windows XP vulnerable to the security hole. However, on prone and defenseless systems, a hacker can purportedly exploit the vulnerability even if the victim uses a browser other than Internet Explorer because multimedia extensions of other browsers also utilize the operating system's (OS) DirectX functionality.

To be more specific, the Microsoft security advisory states that Windows Server 2003, Windows XP, and Windows 2000 Service Pack 4 are susceptible, while all versions of Windows Server 2008 and Windows Vista are not affected.

Installing Apple's QuickTime package won't fix the bug either, because it can be triggered both through files that are associated with, say, Media Player or specially modified faux websites containing malicious code.

Microsoft's security experts posted in a blog entry several recommendations for fixing the bug, including the deletion of the HKEY_CLASSES_ROOTCLSID{D51BD5A0-7548-11CF-A520-0080C77EF58A} registry key, which is the safest and quickest solution at hand.

Doing so prevents QuickTime from being syntactically analyzed in the exposed Quartz.dll library. Alternately, Microsoft has created a webpage users can utilize to immunize systems.

Nevertheless, at the time of this writing, the Fix It Page is undergoing maintenance and is not available.

Microsoft states that it would make a patch to fix the bug available as soon as it's ready for market-wide distribution.

Before that happens, details on the workaround for the vulnerability are available in the security advisory as well as the special Fix It Page.